Advisories » MGASA-2014-0127

Updated imapsync packages fix an information disclosure

Publication date: 12 Mar 2014
Modification date: 12 Mar 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-4279

Description

Updated imapsync package fixes security vulnerability:

Imapsync, by default, runs a "release check" when executed, which causes
imapsync to connect to http://imapsync.lamiral.info and send information
about the version of imapsync, the operating system and perl (CVE-2013-4279).

The imapsync package has been patched to disable this feature.
                

References

• https://lists.fedoraproject.org/pipermail/package-announce/2014-March/129687.html
• https://bugs.mageia.org/show_bug.cgi?id=12985
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4279

SRPMS

4/core

• imapsync-1.584-1.1.mga4

3/core

• imapsync-1.584-1.1.mga3