UbuntuUpdates.org

Package "cyrus-caldav"

Name: cyrus-caldav

Description:

Cyrus mail system - CalDAV and CardDAV support

Latest version: 2.5.10-3ubuntu1.1
Release: bionic (18.04)
Level: updates
Repository: universe
Head package: cyrus-imapd
Homepage: http://www.cyrusimap.org/

Links


Download "cyrus-caldav"


Other versions of "cyrus-caldav" in Bionic

Repository Area Version
base universe 2.5.10-3ubuntu1
security universe 2.5.10-3ubuntu1.1

Changelog

Version: 2.5.10-3ubuntu1.1 2020-10-01 15:06:17 UTC

  cyrus-imapd (2.5.10-3ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow vulnerability
    - debian/patches/0019-CVE-2019-11356.patch: HTTP: don't overrun buffer
      when parsing strings with sscanf().
    - CVE-2019-11356
  * SECURITY UPDATE: Privilege escalation vulnerability
    - debian/patches/0020-CVE-2019-19783.patch: lmtp_sieve: don't create
      mailbox with admin for sieve autocreate.
    - CVE-2019-19783

 -- Paulo Flabiano Smorigo <email address hidden> Tue, 29 Sep 2020 19:21:17 +0000

CVE-2019-11356 The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafte
CVE-2019-19783 An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or cert



About   -   Send Feedback to @ubuntu_updates