Bug 31611

Summary: Update to 2.5.7
Product: Sisyphus Reporter: Konstantin A Lepikhov (L.A. Kostis) <lakostis>
Component: cyrus-imapdAssignee: Sergey Y. Afonin <asy>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: normal    
Priority: P3 CC: asy
Version: unstableKeywords: relnote
Hardware: all   
OS: Linux   
URL: https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.7.html

Description Konstantin A Lepikhov (L.A. Kostis) 2015-12-11 02:05:38 MSK 
Changes Since 2.5.6
Security fixes

    CVE-2015-8077, CVE-2015-8078: protect against integer overflow in urlfetch range checks

SSL changes

    Support for legacy SSLv2 and SSLv3 protocols has been removed

Думаю, ради этого стоит обновить.
Comment 1 Sergey Y. Afonin 2015-12-11 10:24:41 MSK 
У нас несовсем честный 2.5.6 - я мерджил по тегу cyrus-imapd-2.5 сильно позже релиза 2.5.6, так что вот это у нас уже есть:

===
commit 4c04c3b417b24a0c2a941d646d6799b32a3ba6b0
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>
Date:   Sat Mar 14 13:00:04 2015 +0100

    Disable the use of SSLv2 / SSLv3

    Resolves T52
===

А вот urlfetch не успел попасть чуть-чуть.
Comment 2 Repository Robot 2015-12-12 16:37:57 MSK 
cyrus-imapd-2.5.7-alt1 -> sisyphus:

* Fri Dec 11 2015 Sergey Y. Afonin <asy@altlinux> 2.5.7-alt1
- 2.5.7 (CVE-2015-8077, CVE-2015-8078; Closes: #31611)
- added tzdata to "Requires" (Closes: #31612)