Candidate: CVE-2008-5005
PublicDate: 2008-11-10 14:12:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5005
Description:
 Multiple stack-based buffer overflows in (1) University of Washington IMAP
 Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and
 earlier, and (3) Panda IMAP allow (a) local users to gain privileges by
 specifying a long folder extension argument on the command line to the
 tmail or dmail program; and (b) remote attackers to execute arbitrary code
 by sending e-mail to a destination mailbox name composed of a username and
 '+' character followed by a long string, processed by the tmail or possibly
 dmail program.
Ubuntu-Description:
Notes:
 mdeslaur> per debian, alpine isn't vulnerable
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_uw-imap:
upstream_uw-imap: released (8:2007b~dfsg-1)
dapper_uw-imap: ignored (reached end-of-life)
gutsy_uw-imap: needed (reached end-of-life)
hardy_uw-imap: ignored (reached end-of-life)
intrepid_uw-imap: needed (reached end-of-life)
jaunty_uw-imap: not-affected (8:2007b~dfsg-1.1)
karmic_uw-imap: not-affected (8:2007b~dfsg-1.1build1)
lucid_uw-imap: not-affected (8:2007e~dfsg-3.1)
maverick_uw-imap: not-affected (8:2007e~dfsg-3.1)
natty_uw-imap: not-affected (8:2007e~dfsg-3.1)
oneiric_uw-imap: not-affected (8:2007e~dfsg-3.1)
devel_uw-imap: not-affected (8:2007e~dfsg-3.1)

Patches_alpine:
upstream_alpine: needs-triage
dapper_alpine: DNE
gutsy_alpine: needed (reached end-of-life)
hardy_alpine: not-affected
intrepid_alpine: not-affected
jaunty_alpine: not-affected
karmic_alpine: not-affected
lucid_alpine: not-affected
maverick_alpine: not-affected
natty_alpine: not-affected
oneiric_alpine: not-affected
devel_alpine: not-affected