Univention Bugzilla – Bug 49630
cyrus-imapd: Multiple issues (4.3)
Last modified: 2019-06-12 16:44:25 CEST
New Debian cyrus-imapd 2.5.10-3+deb9u1 fixes: This update addresses the following issue: * specialy crafted HTTP PUT operation in CalDAV feature of httpd in IMAP leading to arbitrary code execution (CVE-2019-11356)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/cyrus-imapd_2.5.10-3.dsc +++ apt/ucs_4.3-0-errata4.3-4/source/cyrus-imapd_2.5.10-3+deb9u1.dsc @@ -1,3 +1,8 @@ +2.5.10-3+deb9u1 [Fri, 07 Jun 2019 07:22:52 +0200] Xavier Guimard <yadd@debian.org>: + + * Add patch to fix arbitrary code execution via CalDAV + (Closes: CVE-2019-11356) + 2.5.10-3 [Wed, 07 Dec 2016 11:23:20 +0100] Ondřej Surý <ondrej@debian.org>: * Rely on default tls_ciphers and tls_versions configurations <http://10.200.17.11/4.3-4/#2940016564960942820>
OK: yaml OK: announce_errata OK: patch ~OK: piuparts unclean package removal [4.3-4] 707acc1174 Bug #49630: cyrus-imapd 2.5.10-3+deb9u1 doc/errata/staging/cyrus-imapd.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) [4.3-4] 357b978b57 Bug #49630: cyrus-imapd 2.5.10-3+deb9u1 doc/errata/staging/cyrus-imapd.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+)
<http://errata.software-univention.de/ucs/4.3/527.html>