Re: [SECURITY] [DSA 1685-1] New uw-imap packages fix multiple vulnerabilities

[- o z - <osgo () hotmail com>]

On Dec 11, 2008, at 10:36 PM, Steffen Joeris wrote:

> Debian Security Advisory DSA-1685-1                  security () debian org
> http://www.debian.org/security/                           Steffen  
> Joeris
> December 12, 2008                     http://www.debian.org/security/faq
> -  
> ------------------------------------------------------------------------
>
> Package        : uw-imap
> Vulnerability  : buffer overflows, null pointer dereference
> Problem type   : remote
> Debian-specific: no
> CVE Id(s)      : CVE-2008-5005 CVE-2008-5006
>
> Two vulnerabilities have been found in uw-imap, an IMAP
> implementation. The Common Vulnerabilities and Exposures project
> identifies the following problems:

This alert is an excellent example of what I've been ranting about,  
e.g.:

Re: [Full-disclosure] [SECURITY] [DSA 1685-1] New uw-imap packages fix  
multiple vulnerabilities
-------------------------> ^^^^^^^^^^^^^^^^^^^^^^^^

24-25 characters that could have been appended to the end of the  
subject line instead of
the beginning.

In a perfect world, the message would read like this, with "[Full- 
disclosure]" abbreviated to "[FD]":

"Re: [FD] New uw-imap packages fix multiple vulnerabilities [SECURITY]  
[DSA 1685-1]"

Oi, I know this makes too much sense, sorry.

-oz


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/