-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Wed, 31 Oct 2007 13:30:14 +0900 Source: perdition Binary: perdition perdition-postgresql perdition-mysql perdition-ldap perdition-dev perdition-odbc Architecture: source i386 Version: 1.17-8+lenny1 Distribution: testing-security Urgency: high Maintainer: Simon Horman Changed-By: Simon Horman Description: perdition - POP3 and IMAP4 Proxy server perdition-dev - Development libraries and headers for perdition perdition-ldap - Library to allow perdition to access LDAP based popmaps perdition-mysql - Library to allow perdition to access MySQL based popmaps perdition-odbc - Library to allow perdition to access ODBC based popmaps perdition-postgresql - Library to allow perdition to access PostgreSQL based popmaps Changes: perdition (1.17-8+lenny1) testing-security; urgency=high . * Verify that tag read from end-users is valid - CVE-2007-5740 The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism. Files: 183ddbd97c76ef16a3e76344f79077b2 910 mail optional perdition_1.17-8+lenny1.dsc 6cef90e55bde9eb2d0a17acccb3516f3 552149 mail optional perdition_1.17.orig.tar.gz 54b53305e55724e6a8d5c2c0ebe61dd6 115599 mail optional perdition_1.17-8+lenny1.diff.gz 538fc24c02a66fb965c1796caa651899 121336 mail optional perdition_1.17-8+lenny1_i386.deb 07372d853526a93f1aafff17de4378be 7166 mail optional perdition-dev_1.17-8+lenny1_i386.deb 254ba13cf4b3da814e558d0b897313d1 16096 mail optional perdition-ldap_1.17-8+lenny1_i386.deb 9387d3cda792e1a2ec6f243ccd4d6553 15096 mail optional perdition-mysql_1.17-8+lenny1_i386.deb 1c389edbdc7a046a40b08f8a33a55d27 14944 mail optional perdition-odbc_1.17-8+lenny1_i386.deb 8db89fba16128ba08127386cc847bbec 14908 mail optional perdition-postgresql_1.17-8+lenny1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHKW2CA8ACPgVBDpcRAuXVAKCKa+lI/BB+HkDgM/x+VDdPxgfvFgCeO8A8 0ZoF5c7S3Xoxh/7e61kISRc= =OYB4 -----END PGP SIGNATURE-----