Bug 20135 - incomplete fix of the CVE-2009-1579
Summary: incomplete fix of the CVE-2009-1579
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: squirrelmail (show other bugs)
Version: unstable
Hardware: all Linux
: P3 blocker
Assignee: Ilya Mashkin
QA Contact: qa-sisyphus
URL: http://squirrelmail.svn.sourceforge.n...
Keywords: security
Depends on:
Blocks: 20166
  Show dependency tree
 
Reported: 2009-05-22 08:57 MSD by Vladimir Lettiev
Modified: 2009-06-17 00:33 MSD (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Vladimir Lettiev 2009-05-22 08:57:34 MSD 
Michal Hlavinka обнаружил, что исправление безопасности в функции map_yp_alias (CVE-2009-1579) было неполным.

Апстрим выпустил исправление в новой версии 1.4.19
Comment 1 Repository Robot 2009-05-23 23:23:28 MSD 
squirrelmail-1.4.19-alt1 -> sisyphus:

* Sat May 23 2009 Ilya Mashkin <oddity@altlinux> 1.4.19-alt1

- 1.4.19 (Closes: #20135)
- Fixed:
  + CVE-2009-1579
Comment 2 Vladimir Lettiev 2009-05-25 20:08:31 MSD 
ок. можно закрывать.
Comment 3 Vladimir Lettiev 2009-06-17 00:33:52 MSD 
closed