CVE-2005-2878

Name	CVE-2005-2878
Description	Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-841-1, DTSA-20-1
Debian Bugs	327424

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
mailutils (PTS)	jessie	1:2.99.98-2	fixed
	stretch	1:3.1.1-1	fixed
	buster	1:3.5-4	fixed
	bullseye	1:3.10-3	fixed
	bookworm	1:3.15-4	fixed
	sid, trixie	1:3.17-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
mailutils	source	woody	(not affected)		DSA-841-1
mailutils	source	sarge	1:0.6.1-4sarge1		DSA-841-1
mailutils	source	etch	1:0.6.90-2.1etch1		DTSA-20-1
mailutils	source	(unstable)	1:0.6.90-3	high		327424