"A vulnerability in UW-imapd can be exploited by malicious users to
cause a DoS (Denial of Service) or compromise a vulnerable system.
The vulnerability is caused due to a boundary error in the
"mail_valid_net_parse_work()" function when copying the user supplied
mailbox name to a stack buffer. This can be exploited to cause a
stack-based buffer overflow via a specially crafted mailbox name that
contains an single opening double-quote character, without the
corresponding closing double-quote.
Successful exploitation allows arbitrary code execution, but requires
valid credentials on the IMAP server."
http://secunia.com/advisories/17062/
www.idefense.com/application/poi/display?id=313&type=vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2933
Patch from 2004g.
Changes (note that relnotes say -2004d, but it is indeed -2004e):
=====
imap-2004d is a maintenance release, released concurrently with Pine
4.63, and consists primarily of bugfixes
There is now a workaround for RedHat breaking flock(). However, since
RedHat has said that they don't support flock(), there is no guarantee
that they won't break it in the future. So you may want to consider some
other Linux distribution or BSD instead. See:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123415
for the gruesome details.
There are no user-visible functional enhancements in this version.
=====
OTHER CHANGE: Multiple newsrc and MSA support needed by Pine 4.63.
imap-2004c:
fixes to quoted-printable encoding and CRAM-MD5 authentication.
NNTP proxy in imapd now supports the LIST and LSUB commands.
imap-2004b:
There are new ports for Solaris with Blastwave Community Open
Source Software (gcs) and Mandrake Linux (lmd).
SET_SNARFINTERVAL now controls how frequently local drivers
will move new mail from the mail spool as well as from a
maildrop. Maildrops are still tied to a minimum interval of
1 minute, but there is now no minimum for the spool file.
Character set conversions now map non-breaking space to space
if the destination character set doesn't have nbsp. JIS Roman
yen sign is now mapped to Unicode yen sign.
* maintenance release, consisting primarily of critical bugfixes
* now has a supported NNTP proxy capability
* OSF/1 port (Digital UNIX, Tru64) now uses flocksim instead of flcksafe
* The unix[nt] and mmdf drivers now prevent mail_append() from writing Status:,
X-Status:, X-UID, X-IMAP[base]:, and X-Keywords: header lines to a
traditional UNIX or MMDF format mailbox
* mailutil has three new commands: delete, rename, and prune
* IPv6 support now exists for UNIX and W2K
* The NNTP driver now supports NNTP SASL and TLS
* imapd now supports the LITERAL+ and SASL-IR initial-response extensions
* The IMAP driver has some additional checks to reduce the amount of network
traffic, including executing "silly searches" (searches of sequence numbers
only) locally
* The IMAP, POP, SMTP, and NNTP drivers now have diagnostic code to provide
better information about servers which violate SASL's empty challenge
requirements (e.g. with the PLAIN mechanism).
* There is a new mail_fetch_overview_sequence() function which is like
mail_fetch_overview() but takes a sequence number string as an argument.
There should have been a flags argument and FT_UID bit as in all the other
mail_fetch_???() functions but compatibility with the past... :-(
* The overview_t callback (from mail_fetch_overview()) now has a fourth
argument which contains the message sequence number (as opposed to the UID
which is in the second argument). It turned out that some applications were
calling mail_msgno() (which can be moderately expensive) to get the sequence
number, and c-client already knew it.
* Many declarations which are completely internal to a driver have been removed
from the driver .h file, and in those cases where there are no external
declarations left the .h file has been eliminated entirely. As part of this,
the mbox driver routines are now incorporated with the unix driver routines
as opposed to being a separate file. The mbox driver still needs to be lunk
in order to get the mbox functionality.
imap-2002e is a minor release, released concurrently with Pine 4.57, and
contains primarily bugfixes. Programs written for imap-2002d should build
with this version without modification.
The NNTP client code now tries to perform better with legacy NNTP servers
which do not comply with the current NNTP protocol specification draft, most
notably Netscape Collabra.
Delivery notifications now work reliably with SMTP servers that support it.
The following changes are primarily of concern to developers and power users:
There is a "limited advertise" option in env_unix.c which, if set, will only
advertise the user's own namespace and the #shared/ namespace.
It is now possible to build the IMAP toolkit with a separate SSL KEY file
from the certificate file (SSLKEYS vs. SSLCERTS).
A new BODY structure element, sparep, is available for the main program to
use as a pointer for its own purposes; as well as a SET_FREEBODYSPAREP
function, similar to SET_FREEENVELOPESPAREP, SET_FREEELTSPAREP, etc.
imap-2002c is a minor release, released concurrently with Pine 4.55, and
contains primarily bugfixes. Programs written for imap-2002 will build
with this version without modification
imap-2002d is a minor release, released concurrently with Pine 4.56, and
contains primarily bugfixes. Programs written for imap-2002 should build
with this version without modification, with one exception. That exception
is the ngbogus envelope flag, which stopped being used in imap-2002c and is
now gone for good.
See RELNOTES for additional information
imap-2002b is a maintenace release, released concurrently with Pine 4.52,
and contains only bugfixes. Programs written for imap-2002 will build with
this version without modification.
Drivers which do not announce new mail are now indicated by the DR_NONEWMAIL
driver flag. Driver which do not announce new mail when read-only are now
indicated by the DR_NONEWMAILRONLY flag.
There are no user-visible functional enhancements in this version.
occurred because gss_import_name() was segfaulting if /etc/krb5.conf
was not found. To fix it, I swapped the krb5_init_context() and
the gss_import_name() calls, since krb5_init_context() will fail
if krb5 is not configured and I can fail appropriately.
I also changed slightly how the documentation is installed by the
main Makefile, because the ${CP} was relying on the non-existence
of the target directory.
* Updated buildlink.mk as the new version has some new #defines in the .h
file (and e.g. pine won't build against the old version)
Updated: 2 November 2001
imap-2001a is a maintenance release, consisting primarily of bugfixes
including some critical bugfixes to crash and denial of service problems.
Programs written for imap-2001 will build with this version without
modification.
The following new facilities have also been added:
The new /norsh switch in mailbox names provides a more intuitive way of
disabling rsh-IMAP than the existing :143 or setting the rsh-timeout to 0.
Passwords are no longer returned in mm_dlog() callbacks unless the
application sets the SET_DEBUGSENSITIVE parameter.
The SET_NETFSSTATBUG parameter allows an application to force the
traditional UNIX mailbox driver to close and reopen the mailbox at ping
time. This is EXTREMELY inefficient, and should only be used to access
files stored on AFS and old NFS systems.
The ISO 8859 and Windows conversion tables have been updated to comply
with Unicode 3.1, and the KOI8-R table has been verified as compliant with
Unicode 3.1.
The SPECIALS mechanism for passing parameters to the lowest level Makefile
has been updated to be more general. See the next item for why you might
care.
New lrh port to build on Red Hat Linux 7.2, with pre-set definitions for
the places where Red Hat has placed Kerberos and SSL. It's actually just
the lnp port with SPECIALS defined accordingly. You may want to use it as
a model if your system needs such definitions. Note that SPECIALS is
primarily for IMAP toolkit (and Pine) purposes, and that user settings
should use EXTRASPECIALS instead.
* Bugfixes
* SSL is now fully integrated into the IMAP toolkit
* Full client and server TLS support
* The server certificate must be signed by a trusted certificate authority
* RFC 1730 (IMAP4 as opposed to IMAP4rev1) support is turned off by default
in imapd
