Back to isync PTS page

Accepted isync 1.2.1-2+deb9u1 (source) into oldoldstable

To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
Subject: Accepted isync 1.2.1-2+deb9u1 (source) into oldoldstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Fri, 01 Jul 2022 12:20:11 +0000
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject: Content-Transfer-Encoding:Content-Type:MIME-Version:To:Reply-To:From:Cc: Content-ID:Content-Description:In-Reply-To:References; bh=kFpdkGzND6fvPodovzYd/k9it3pzM1bA6WjATV57mhU=; b=aJvglPVh4Z/gK3XKK9sSreJ7uI vWxDqJWUXjO6SawW9s2Oer3GsE1DZqd7qD67B3smKsWyOUa8WeQVWRDdcUwAPWATC3OPXWkPuErnv pjH2jGGWx6DFRUlJQDs+9Xa7/UHi1QnnI/Q0m9NHC1qgk3biLhygy1quIS24DSixoO6L+CHvukAfU RLc+28Zfm5yCvWZORVVgm8G59wAUlocuHuFMLKiaFCt1oB+Ira4lEzlcFLh0u43FNdYefoYv/V+6W BHmC1h+716x1CRJeeYvb6G6siqsaAaxhnBo6zDt5p55usoMLfwydAysYvx9RXnAu5RXDt9mGSGBnU YGeLTMhg==;
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1o7Fd5-00072Y-GU@seger.debian.org>
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri,  1 Jul 2022 14:01:36 CEST
Source: isync
Binary: isync
Architecture: source
Version: 1.2.1-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Nicolas Boullis <nboullis@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 isync      - IMAP and MailDir mailbox synchronizer
Checksums-Sha1:
 913c257f82c00323829920d7611d2ff69ed3f0ab 2155 isync_1.2.1-2+deb9u1.dsc
 35a048dd15bd8779d3abb300c1e5ac84afb60e7f 281990 isync_1.2.1.orig.tar.gz
 1e60644fc6f2b901dd8e72e037bfeb37b35d98ec 11304 isync_1.2.1-2+deb9u1.debian.tar.xz
 b32f11fe02171b6709d8710980212f41fe9aded0 6670 isync_1.2.1-2+deb9u1_amd64.buildinfo
Checksums-Sha256:
 e9c44516661bce7f7b2171db3dd11e3ebef99918c11cb434d2a5432a2fb5b19b 2155 isync_1.2.1-2+deb9u1.dsc
 e716de28c9a08e624a035caae3902fcf3b511553be5d61517a133e03aa3532ae 281990 isync_1.2.1.orig.tar.gz
 07f5be83da39921fe01cf55feeca7a3c81797e95396297697a497de5420f8ee5 11304 isync_1.2.1-2+deb9u1.debian.tar.xz
 f730495c062ea82a088ab5908b53b2e7a665388550f1c54db6645d62665aac47 6670 isync_1.2.1-2+deb9u1_amd64.buildinfo
Changes:
 isync (1.2.1-2+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2021-20247:
     A flaw was found in mbsync. Validations of the mailbox names returned by
     IMAP LIST/LSUB do not occur allowing a malicious or compromised server to
     use specially crafted mailbox names containing '..' path components to
     access data outside the designated mailbox on the opposite end of the
     synchronization channel. The highest threat from this vulnerability is to
     data confidentiality and integrity.
   * Fix CVE-2021-3657:
     A flaw was found in mbsync. Due to inadequate handling of extremely large
     (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and
     hypothetically even external email senders, could cause several different
     buffer overflows, which could conceivably be exploited for remote code
     execution.
   * Fix CVE-2021-3578:
     A flaw was found in mbsync, where an unchecked pointer cast allows a
     malicious or compromised server to write an arbitrary integer value past
     the end of a heap-allocated structure by issuing an unexpected APPENDUID
     response. This could be plausibly exploited for remote code execution on
     the client.
   * Build with -std=c99 in order to compile new code.
Files:
 11c79c06ff8f0f7ea81c55d47a77dd99 2155 mail optional isync_1.2.1-2+deb9u1.dsc
 7ba1a07c7b487a3ab5fef54d0071f1dd 281990 mail optional isync_1.2.1.orig.tar.gz
 33af437e2369a0aa1acb8f18101f7daa 11304 mail optional isync_1.2.1-2+deb9u1.debian.tar.xz
 087fc447b23c0645e6dac568329c26cf 6670 mail optional isync_1.2.1-2+deb9u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmK+4idfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HknEEQAMY+9DHsH4fpIRkAvO0eo8tsd02Sd6ki618D
jdr+y8Mp7muDJk7ojwaf3sXVptuuvkMc0lBpm+Fk8ZJONCZHxn8hP9QMUvA6Ueqj
xLXSir5YyxFAxZty2yItNQg6STtgm2N0tIa+cgL5tI9tS14Ma9bi5UHCZPW9qTOC
MlgDw/HCZMFuDe97mRGKqqwOwq9d8v4x9AHQsHd0iqQUkF5jWD+yLPUMtO/cUnEg
mb7LU/4BD6EWSSSrieb2no8fcTa47gMb3tOVe6tNww/JyYuAK5axez39Sbu75FYJ
pvcEleSZScNjlCkcEC1ayn5/waWTzpWRkAJp658N5SnZPxueSuslIdjF6ETWm22u
IXGKloLHb0jJSCs2OrhLt4L5+OOw7mIegAPBGEOP+mfcgD8I+b+j0p9DS1RLW65x
CMRVmR/nkEQx6aL6FQPytyd+bJNzNjJULtcHtlkP69fdvTfFiUKFwzfcvxDiVUAd
1WWFG0SlI7MBLiviqNRz2371d1r6f8c5Aj2CrrcPq46fsJ0TEddYUgMwddvVqByU
7SFxh8bINQ1yGxVo8lXptpRqphfQ3S3GwGA5tWFckt2sZNsEdzNbF/AaRMVAZINX
Awr3kYQuLLVF7iUsCgNCxQQP1apU3r/eQCLSrWnQmund6e1YRjsOznG3Gh0bz+Zh
HpvnbRUD
=HVEx
-----END PGP SIGNATURE-----