#31611 – Update to 2.5.7

Bug 31611 - Update to 2.5.7

Summary: Update to 2.5.7

Status:	CLOSED FIXED

Alias:	None

Product:	Sisyphus
Classification:	Development
Component:	cyrus-imapd (show other bugs)
Version:	unstable
Hardware:	all Linux

Importance:	P3 normal
Assignee:	Sergey Y. Afonin
QA Contact:	qa-sisyphus

URL:	https://docs.cyrus.foundation/imap/re...
Keywords:	relnote

Depends on:
Blocks:

Reported:	2015-12-11 02:05 MSK by Konstantin A Lepikhov (L.A. Kostis)
Modified:	2015-12-12 16:37 MSK (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Konstantin A Lepikhov (L.A. Kostis) 2015-12-11 02:05:38 MSK

Changes Since 2.5.6
Security fixes

    CVE-2015-8077, CVE-2015-8078: protect against integer overflow in urlfetch range checks

SSL changes

    Support for legacy SSLv2 and SSLv3 protocols has been removed

Думаю, ради этого стоит обновить.

Comment 1 Sergey Y. Afonin 2015-12-11 10:24:41 MSK

У нас несовсем честный 2.5.6 - я мерджил по тегу cyrus-imapd-2.5 сильно позже релиза 2.5.6, так что вот это у нас уже есть:

===
commit 4c04c3b417b24a0c2a941d646d6799b32a3ba6b0
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>
Date:   Sat Mar 14 13:00:04 2015 +0100

    Disable the use of SSLv2 / SSLv3

    Resolves T52
===

А вот urlfetch не успел попасть чуть-чуть.

Comment 2 Repository Robot 2015-12-12 16:37:57 MSK

cyrus-imapd-2.5.7-alt1 -> sisyphus:

* Fri Dec 11 2015 Sergey Y. Afonin <asy@altlinux> 2.5.7-alt1
- 2.5.7 (CVE-2015-8077, CVE-2015-8078; Closes: #31611)
- added tzdata to "Requires" (Closes: #31612)