[Secure-testing-commits] r2296 - data/DTSA/advs

[Neil McGovern]

Author: neilm
Date: 2005-10-04 11:32:33 +0000 (Tue, 04 Oct 2005)
New Revision: 2296

Added:
   data/DTSA/advs/20-mailutils.adv
Log:
Created .adv


Added: data/DTSA/advs/20-mailutils.adv
===================================================================
--- data/DTSA/advs/20-mailutils.adv	2005-10-04 09:54:28 UTC (rev 2295)
+++ data/DTSA/advs/20-mailutils.adv	2005-10-04 11:32:33 UTC (rev 2296)
@@ -0,0 +1,18 @@
+source: mailutils
+date: October 4th, 2005
+author: Neil Mcgovern
+vuln-type: Format string vulnerability
+problem-scope: remote
+debian-specifc: no
+cve: CAN-2005-2878
+vendor-advisory: http://savannah.gnu.org/patch/index.php?func=detailitem&item_id=4407
+testing-fix: 1:0.6.90-2.1etch1
+sid-fix: 1:0.6.90-3
+upgrade: apt-get install mailutils
+
+A ormat string vulnerability has been discovered in Mailutils.
+
+CAN-2005-2878
+  A format string vulnerability in search.c in the imap4d server in GNU
+  Mailutils 0.6 allows remote authenticated users to execute arbitrary code via
+  format string specifiers in the SEARCH command.