-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Wed, 31 Oct 2007 13:49:04 +0900 Source: perdition Binary: perdition perdition-postgresql perdition-mysql perdition-ldap perdition-dev perdition-odbc Architecture: source i386 Version: 1.15-5sarge1 Distribution: oldstable-security Urgency: high Maintainer: Simon Horman Changed-By: Simon Horman Description: perdition - POP3 and IMAP4 Proxy server perdition-dev - Development libraries and headers for perdition perdition-ldap - Library to allow perdition to access LDAP based popmaps perdition-mysql - Library to allow perdition to access MySQL based popmaps perdition-odbc - Library to allow perdition to access ODBC based popmaps perdition-postgresql - Library to allow perdition to access PostgreSQL based popmaps Changes: perdition (1.15-5sarge1) oldstable-security; urgency=high . * Verify that tag read from end-users is valid - CVE-2007-5740 The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism. Files: 0e3ce322a1b1ad44abbda163b925d642 919 mail optional perdition_1.15-5sarge1.dsc aa17651883aea7cca61424ad9bf8a38e 7002 mail optional perdition_1.15-5sarge1.diff.gz 4671079309c853aa5d13f2918f53c1f2 119726 mail optional perdition_1.15-5sarge1_i386.deb b16d645566732d1385de81877c952d96 6294 mail optional perdition-dev_1.15-5sarge1_i386.deb 9079ac2b06bb7fba3144ce3f76c3c215 15528 mail optional perdition-ldap_1.15-5sarge1_i386.deb 633db52e6fcf8b4f2e099937498a012f 14326 mail optional perdition-mysql_1.15-5sarge1_i386.deb 2f5b1b22d2b482082d83cc8a9070b964 14348 mail optional perdition-odbc_1.15-5sarge1_i386.deb b75a42714104e1578c8b3627c74c2d60 14232 mail optional perdition-postgresql_1.15-5sarge1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHKW1TA8ACPgVBDpcRAv42AJ0b3IWva/Oj4wJBjVYrKZPqea5CCQCfdh6O kBrMkNEobsU2jMX91+mK1to= =bY3y -----END PGP SIGNATURE-----