Bug 31611 - Update to 2.5.7
Summary: Update to 2.5.7
Alias: None
Product: Sisyphus
Classification: Development
Component: cyrus-imapd (show other bugs)
Version: unstable
Hardware: all Linux
: P3 normal
Assignee: Sergey Y. Afonin
QA Contact: qa-sisyphus
URL: https://docs.cyrus.foundation/imap/re...
Keywords: relnote
Depends on:
Reported: 2015-12-11 02:05 MSK by Konstantin A Lepikhov (L.A. Kostis)
Modified: 2015-12-12 16:37 MSK (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Konstantin A Lepikhov (L.A. Kostis) 2015-12-11 02:05:38 MSK
Changes Since 2.5.6
Security fixes

    CVE-2015-8077, CVE-2015-8078: protect against integer overflow in urlfetch range checks

SSL changes

    Support for legacy SSLv2 and SSLv3 protocols has been removed

Думаю, ради этого стоит обновить.
Comment 1 Sergey Y. Afonin 2015-12-11 10:24:41 MSK
У нас несовсем честный 2.5.6 - я мерджил по тегу cyrus-imapd-2.5 сильно позже релиза 2.5.6, так что вот это у нас уже есть:

commit 4c04c3b417b24a0c2a941d646d6799b32a3ba6b0
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>
Date:   Sat Mar 14 13:00:04 2015 +0100

    Disable the use of SSLv2 / SSLv3

    Resolves T52

А вот urlfetch не успел попасть чуть-чуть.
Comment 2 Repository Robot 2015-12-12 16:37:57 MSK
cyrus-imapd-2.5.7-alt1 -> sisyphus:

* Fri Dec 11 2015 Sergey Y. Afonin <asy@altlinux> 2.5.7-alt1
- 2.5.7 (CVE-2015-8077, CVE-2015-8078; Closes: #31611)
- added tzdata to "Requires" (Closes: #31612)