Re: [Full-disclosure] [SECURITY] [DSA 1685-1] New uw-imap packages fix multiple vulnerabilities
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] [SECURITY] [DSA 1685-1] New uw-imap packages fix multiple vulnerabilities
- From: - o z - <osgo@xxxxxxxxxxx>
- Date: Fri, 12 Dec 2008 11:36:19 -0800
On Dec 11, 2008, at 10:36 PM, Steffen Joeris wrote:
Debian Security Advisory DSA-1685-1                  security@xxxxxxxxxx
http://www.debian.org/security/                           Steffen Joeris
December 12, 2008                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : uw-imap
Vulnerability : buffer overflows, null pointer dereference
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-5005 CVE-2008-5006
Two vulnerabilities have been found in uw-imap, an IMAP
implementation. The Common Vulnerabilities and Exposures project
identifies the following problems:
This alert is an excellent example of what I've been ranting about,
e.g.:
Re: [Full-disclosure] [SECURITY] [DSA 1685-1] New uw-imap packages fix
multiple vulnerabilities
-------------------------> ^^^^^^^^^^^^^^^^^^^^^^^^
24-25 characters that could have been appended to the end of the
subject line instead of the beginning.
In a perfect world, the message would read like this, with
"[Full-disclosure]" abbreviated to "[FD]":
"Re: [FD] New uw-imap packages fix multiple vulnerabilities [SECURITY]
[DSA 1685-1]"
Oi, I know this makes too much sense, sorry.
-oz
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/