Bug 31611 - Update to 2.5.7
: Update to 2.5.7
Status: CLOSED FIXED
: Sisyphus
(All bugs in Sisyphus/cyrus-imapd)
: unstable
: all Linux
: P3 normal
Assigned To:
:
: https://docs.cyrus.foundation/imap/re...
: relnote
:
:
  Show dependency tree
 
Reported: 2015-12-11 02:05 by
Modified: 2015-12-12 16:37 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2015-12-11 02:05:38
Changes Since 2.5.6
Security fixes

    CVE-2015-8077, CVE-2015-8078: protect against integer overflow in urlfetch
range checks

SSL changes

    Support for legacy SSLv2 and SSLv3 protocols has been removed

Думаю, ради этого стоит обновить.
------- Comment #1 From 2015-12-11 10:24:41 -------
У нас несовсем честный 2.5.6 - я мерджил по тегу cyrus-imapd-2.5 сильно позже
релиза 2.5.6, так что вот это у нас уже есть:

===
commit 4c04c3b417b24a0c2a941d646d6799b32a3ba6b0
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>
Date:   Sat Mar 14 13:00:04 2015 +0100

    Disable the use of SSLv2 / SSLv3

    Resolves T52
===

А вот urlfetch не успел попасть чуть-чуть.
------- Comment #2 From 2015-12-12 16:37:57 -------
cyrus-imapd-2.5.7-alt1 -> sisyphus:

* Fri Dec 11 2015 Sergey Y. Afonin <asy@altlinux> 2.5.7-alt1
- 2.5.7 (CVE-2015-8077, CVE-2015-8078; Closes: #31611)
- added tzdata to "Requires" (Closes: #31612)