CVE-2007-1558

NameCVE-2007-1558
DescriptionThe APOP protocol allows remote attackers to guess the first 3 ...
SourceCVE (at NVD; oss-sec, OSVDB, EDB, Red Hat, Ubuntu, Gentoo, SuSE, more)
ReferencesDSA-1300-1, DSA-1305-1, DTSA-46-1, DTSA-47-1
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
balsa (PTS)squeeze2.4.1-1fixed
jessie, wheezy, sid2.4.12-1fixed
claws-mail (PTS)squeeze3.7.6-4+squeeze1fixed
wheezy3.8.1-2fixed
jessie, sid3.9.3-2fixed
fetchmail (PTS)squeeze6.3.18-2fixed
wheezy6.3.21-4fixed
jessie, sid6.3.26-1fixed
iceape (PTS)squeeze (security)2.0.11-17fixed
icedove (PTS)squeeze, squeeze (security)3.0.11-1+squeeze15fixed
wheezy10.0.12-1fixed
wheezy (security)24.4.0-1~deb7u1fixed
jessie, sid24.4.0-1fixed
mailfilter (PTS)squeeze0.8.2-1fixed
wheezy, sid0.8.2-4fixed
mutt (PTS)squeeze1.5.20-9+squeeze2fixed
squeeze (security)1.5.20-9+squeeze3fixed
wheezy1.5.21-6.2+deb7u1fixed
wheezy (security)1.5.21-6.2+deb7u2fixed
jessie, sid1.5.23-1fixed

The information above is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
balsasource(unstable)2.3.17-1unimportant
claws-mailsource(unstable)2.9.1-1unimportant
fetchmailsource(unstable)6.3.8-1unimportant
fetchmailsourceetch6.3.6-1etch3
iceapesource(unstable)1.1.2-1
iceapesourceetch1.0.9-0etch1DSA-1300-1
iceapesourcelenny1.0.10~pre070720-0etch1+lenny1DTSA-47-1
icedovesource(unstable)2.0.0.4-1
icedovesourceetch1.5.0.12.dfsg1-0etch1DSA-1305-1
icedovesourcelenny1.5.0.12.dfsg1-0etch1+lenny1DTSA-46-1
mailfiltersource(unstable)0.8.2-1unimportant
muttsource(unstable)1.5.18-6unimportant

Notes

Affects various clients, but no practical security implications
MFSA2007-15
i couldn't pinpoint exact mutt fixed version, but lenny's version has the
patch and etch's version does not (http://dev.mutt.org/trac/ticket/2846)

Search for package or bug name: Reporting problems

Home - Testing Security Team - Debian Security - Source (SVN)