Fedora has issued an advisory today (February 14): https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128293.html The issue is fixed upstream in 1.584. Mageia 3 and Mageia 4 are also affected. Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA4TOO, MGA3TOO
This has been assigned CVE-2014-2014: http://openwall.com/lists/oss-security/2014/02/18/5
Summary: imapsync new security issue fixed upstream in 1.584 => imapsync new security issue fixed upstream in 1.584 (CVE-2014-2014)
Updated packages uploaded for Mageia 3, Mageia 4, and Cauldron. Advisory: ======================== Updated imapsync package fixes security vulnerability: In imapsync before 1.584, a certificate verification failure when using the --tls option results in imapsync attempting a cleartext login (CVE-2014-2014). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2014 http://openwall.com/lists/oss-security/2014/02/18/5 https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128293.html ======================== Updated packages in core/updates_testing: ======================== imapsync-1.584-1.mga3 imapsync-1.584-1.mga4 from SRPMS: imapsync-1.584-1.mga3.src.rpm imapsync-1.584-1.mga4.src.rpm
Version: Cauldron => 4Assignee: luis.daniel.lucio => qa-bugsWhiteboard: MGA4TOO, MGA3TOO => MGA3TOO
A quick test for imapsync from upstream project. Copy sync_loop_unix.sh and file.txt in same directory and run: sh sync_loop_unix.sh It should create a directoru called LOG with all migrated data
CC: (none) => ennael1
Created attachment 5011 [details] data to be migrated using imapsync
Created attachment 5012 [details] script to migrate data using imapsync
I've used script and data at home on my own imap server using an existing user. Works here as expected on Mageia 4 64
Whiteboard: MGA3TOO => MGA3TOO has_procedure mga4-64-ok
Tested mag4_32, Testing complete for imapsync-1.584-1.mga4, Ok for me. Use Anne's script and procedure on comment 3.
CC: (none) => geiger.david68210Whiteboard: MGA3TOO has_procedure mga4-64-ok => MGA3TOO has_procedure mga4-64-ok mga4-32-ok
Testing complete mga3 64
Whiteboard: MGA3TOO has_procedure mga4-64-ok mga4-32-ok => MGA3TOO has_procedure mga3-64-ok mga4-64-ok mga4-32-ok
Testing complete mga3 32 Advisory uploaded. Validating. Could sysadmin please push to 3 & 4 updates Thanks
Keywords: (none) => validated_updateWhiteboard: MGA3TOO has_procedure mga3-64-ok mga4-64-ok mga4-32-ok => MGA3TOO has_procedure advisory mga3-32-ok mga3-64-ok mga4-64-ok mga4-32-okCC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0106.html
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED