Search...

[SECURITY] [DSA 4590-1] cyrus-imapd security update

2019-12-19T22:54:18

ID DEBIAN:DSA-4590-1:AB4C8
Type debian
Reporter Debian
Modified 2019-12-19T22:54:18

Description

Debian Security Advisory DSA-4590-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff December 19, 2019 https://www.debian.org/security/faq

Package : cyrus-imapd CVE ID : CVE-2019-19783

It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the "fileinto" was used, bypassing ACL checks.

For the oldstable distribution (stretch), this problem has been fixed in version 2.5.10-3+deb9u2.

For the stable distribution (buster), this problem has been fixed in version 3.0.8-6+deb10u3.

We recommend that you upgrade your cyrus-imapd packages.

For the detailed security status of cyrus-imapd please refer to its security tracker page at: https://security-tracker.debian.org/tracker/cyrus-imapd

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

JSON Vulners Source

Initial Source

{"id": "DEBIAN:DSA-4590-1:AB4C8", "type": "debian", "bulletinFamily": "unix", "title": "[SECURITY] [DSA 4590-1] cyrus-imapd security update", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4590-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nDecember 19, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : cyrus-imapd\nCVE ID : CVE-2019-19783\n\nIt was discovered that the lmtpd component of the Cyrus IMAP server\ncreated mailboxes with administrator privileges if the "fileinto" was\nused, bypassing ACL checks.\n\nFor the oldstable distribution (stretch), this problem has been fixed\nin version 2.5.10-3+deb9u2.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 3.0.8-6+deb10u3.\n\nWe recommend that you upgrade your cyrus-imapd packages.\n\nFor the detailed security status of cyrus-imapd please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/cyrus-imapd\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "published": "2019-12-19T22:54:18", "modified": "2019-12-19T22:54:18", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://lists.debian.org/debian-security-announce/2019/msg00244.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2019-19783"], "immutableFields": [], "lastseen": "2021-10-23T08:48:57", "viewCount": 75, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4655"]}, {"type": "cve", "idList": ["CVE-2019-19783"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-19783"]}, {"type": "fedora", "idList": ["FEDORA:340B3606D25C", "FEDORA:620DF6047311"]}, {"type": "gentoo", "idList": ["GLSA-202006-23"]}, {"type": "nessus", "idList": ["CENTOS8_RHSA-2020-4655.NASL", "DEBIAN_DSA-4590.NASL", "FEDORA_2019-7938C21723.NASL", "FEDORA_2019-AD23A4522D.NASL", "GENTOO_GLSA-202006-23.NASL", "NEWSTART_CGSL_NS-SA-2021-0086_CYRUS-IMAPD.NASL", "ORACLELINUX_ELSA-2020-4655.NASL", "REDHAT-RHSA-2020-4655.NASL", "UBUNTU_USN-4566-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143263", "OPENVAS:1361412562310704590", "OPENVAS:1361412562310877106", "OPENVAS:1361412562310877143"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-4655"]}, {"type": "redhat", "idList": ["RHSA-2020:4655"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-19783"]}, {"type": "ubuntu", "idList": ["USN-4566-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-19783"]}], "rev": 4}, "score": {"value": 5.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2020:4655"]}, {"type": "cve", "idList": ["CVE-2019-19783"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-19783"]}, {"type": "fedora", "idList": ["FEDORA:340B3606D25C", "FEDORA:620DF6047311"]}, {"type": "gentoo", "idList": ["GLSA-202006-23"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-4590.NASL", "ORACLELINUX_ELSA-2020-4655.NASL", "UBUNTU_USN-4566-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310143263"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-4655"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-19783"]}, {"type": "ubuntu", "idList": ["USN-4566-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-19783"]}]}, "exploitation": null, "vulnersScore": 5.4}, "affectedPackage": [{"arch": "arm64", "OSVersion": "10", "packageFilename": "libcyrus-imap-perl_3.0.8-6+deb10u3_arm64.deb", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "libcyrus-imap-perl"}, {"OSVersion": "9", "arch": "i386", "OS": "Debian", "packageFilename": "cyrus-nntpd_2.5.10-3+deb9u2_i386.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-nntpd"}, {"arch": "s390x", "packageFilename": "cyrus-dev_3.0.8-6+deb10u3_s390x.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-dev"}, {"OSVersion": "9", "arch": "armhf", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageFilename": "cyrus-common_2.5.10-3+deb9u2_armhf.deb", "packageName": "cyrus-common"}, {"packageFilename": "cyrus-admin_3.0.8-6+deb10u3_all.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "arch": "all", "operator": "lt", "packageName": "cyrus-admin"}, {"arch": "arm64", "OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-caldav-dbgsym_3.0.8-6+deb10u3_arm64.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-caldav-dbgsym"}, {"packageFilename": "cyrus-common_3.0.8-6+deb10u3_armhf.deb", "arch": "armhf", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-common"}, {"arch": "mips", "operator": "lt", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-pop3d-dbgsym_3.0.8-6+deb10u3_mips.deb", "packageName": "cyrus-pop3d-dbgsym"}, {"OSVersion": "9", "arch": "mipsel", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-dev_2.5.10-3+deb9u2_mipsel.deb", "operator": "lt", "packageName": "cyrus-dev"}, {"arch": "mips", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-replication-dbgsym_3.0.8-6+deb10u3_mips.deb", "operator": "lt", "packageName": "cyrus-replication-dbgsym"}, {"OSVersion": "9", "arch": "mipsel", "OS": "Debian", "packageFilename": "cyrus-pop3d_2.5.10-3+deb9u2_mipsel.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-pop3d"}, {"arch": "armel", "OSVersion": "9", "OS": "Debian", "packageFilename": "cyrus-clients-dbgsym_2.5.10-3+deb9u2_armel.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-clients-dbgsym"}, {"arch": "arm64", "OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-replication_3.0.8-6+deb10u3_arm64.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-replication"}, {"arch": "mips64el", "packageFilename": "cyrus-common-dbgsym_2.5.10-3+deb9u2_mips64el.deb", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-common-dbgsym"}, {"arch": "mipsel", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-common-dbgsym_3.0.8-6+deb10u3_mipsel.deb", "operator": "lt", "packageName": "cyrus-common-dbgsym"}, {"packageFilename": "cyrus-replication_3.0.8-6+deb10u3_s390x.deb", "arch": "s390x", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-replication"}, {"packageFilename": "cyrus-dev_2.5.10-3+deb9u2_i386.deb", "OSVersion": "9", "arch": "i386", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-dev"}, {"arch": "armhf", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-dev_3.0.8-6+deb10u3_armhf.deb", "operator": "lt", "packageName": "cyrus-dev"}, {"arch": "s390x", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-imapd-dbgsym_3.0.8-6+deb10u3_s390x.deb", "operator": "lt", "packageName": "cyrus-imapd-dbgsym"}, {"packageFilename": "cyrus-imapd-dbgsym_3.0.8-6+deb10u3_mipsel.deb", "arch": "mipsel", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-imapd-dbgsym"}, {"packageFilename": "libcyrus-imap-perl-dbgsym_3.0.8-6+deb10u3_mipsel.deb", "arch": "mipsel", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "libcyrus-imap-perl-dbgsym"}, {"arch": "armhf", "OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-clients_3.0.8-6+deb10u3_armhf.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-clients"}, {"OSVersion": "9", "arch": "armhf", "packageFilename": "cyrus-murder_2.5.10-3+deb9u2_armhf.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-murder"}, {"packageFilename": "libcyrus-imap-perl_2.5.10-3+deb9u2_mips64el.deb", "arch": "mips64el", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "libcyrus-imap-perl"}, {"packageFilename": "cyrus-replication-dbgsym_2.5.10-3+deb9u2_arm64.deb", "OSVersion": "9", "arch": "arm64", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-replication-dbgsym"}, {"packageFilename": "cyrus-replication_3.0.8-6+deb10u3_amd64.deb", "OSVersion": "10", "OS": "Debian", "arch": "amd64", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-replication"}, {"arch": "mips", "OSVersion": "9", "packageFilename": "cyrus-caldav_2.5.10-3+deb9u2_mips.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-caldav"}, {"OSVersion": "10", "OS": "Debian", "arch": "amd64", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageFilename": "cyrus-clients_3.0.8-6+deb10u3_amd64.deb", "packageName": "cyrus-clients"}, {"packageFilename": "cyrus-nntpd_2.5.10-3+deb9u2_mipsel.deb", "OSVersion": "9", "arch": "mipsel", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-nntpd"}, {"arch": "armhf", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-pop3d_3.0.8-6+deb10u3_armhf.deb", "operator": "lt", "packageName": "cyrus-pop3d"}, {"OSVersion": "9", "packageFilename": "cyrus-caldav_2.5.10-3+deb9u2_i386.deb", "arch": "i386", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-caldav"}, {"OSVersion": "10", "OS": "Debian", "arch": "amd64", "packageFilename": "cyrus-pop3d-dbgsym_3.0.8-6+deb10u3_amd64.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-pop3d-dbgsym"}, {"arch": "armel", "OSVersion": "9", "packageFilename": "cyrus-clients_2.5.10-3+deb9u2_armel.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-clients"}, {"arch": "armel", "packageFilename": "cyrus-dev_2.5.10-3+deb9u2_armel.deb", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-dev"}, {"OSVersion": "9", "packageFilename": "cyrus-imapd_2.5.10-3+deb9u2_all.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "arch": "all", "operator": "lt", "packageName": "cyrus-imapd"}, {"packageFilename": "cyrus-pop3d-dbgsym_2.5.10-3+deb9u2_arm64.deb", "OSVersion": "9", "arch": "arm64", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-pop3d-dbgsym"}, {"packageFilename": "cyrus-murder-dbgsym_2.5.10-3+deb9u2_arm64.deb", "OSVersion": "9", "arch": "arm64", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-murder-dbgsym"}, {"arch": "s390x", "OSVersion": "9", "packageFilename": "cyrus-pop3d-dbgsym_2.5.10-3+deb9u2_s390x.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-pop3d-dbgsym"}, {"arch": "mips64el", "OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-imapd-dbgsym_3.0.8-6+deb10u3_mips64el.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-imapd-dbgsym"}, {"packageFilename": "libcyrus-imap-perl_3.0.8-6+deb10u3_mips64el.deb", "arch": "mips64el", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "libcyrus-imap-perl"}, {"arch": "mips64el", "operator": "lt", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-clients_3.0.8-6+deb10u3_mips64el.deb", "packageName": "cyrus-clients"}, {"OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-imapd_3.0.8-6+deb10u3_all.deb", "packageVersion": "3.0.8-6+deb10u3", "arch": "all", "operator": "lt", "packageName": "cyrus-imapd"}, {"OSVersion": "9", "arch": "arm64", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageFilename": "cyrus-dev_2.5.10-3+deb9u2_arm64.deb", "packageName": "cyrus-dev"}, {"arch": "armel", "OSVersion": "9", "OS": "Debian", "packageFilename": "cyrus-replication_2.5.10-3+deb9u2_armel.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-replication"}, {"packageFilename": "cyrus-caldav_2.5.10-3+deb9u2_armhf.deb", "OSVersion": "9", "arch": "armhf", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-caldav"}, {"arch": "mipsel", "packageFilename": "cyrus-nntpd-dbgsym_3.0.8-6+deb10u3_mipsel.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-nntpd-dbgsym"}, {"arch": "armel", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-murder-dbgsym_2.5.10-3+deb9u2_armel.deb", "operator": "lt", "packageName": "cyrus-murder-dbgsym"}, {"OSVersion": "9", "arch": "armhf", "packageFilename": "cyrus-nntpd-dbgsym_2.5.10-3+deb9u2_armhf.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-nntpd-dbgsym"}, {"arch": "mips", "packageFilename": "libcyrus-imap-perl-dbgsym_3.0.8-6+deb10u3_mips.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "libcyrus-imap-perl-dbgsym"}, {"arch": "mips64el", "OSVersion": "9", "packageFilename": "libcyrus-imap-perl-dbgsym_2.5.10-3+deb9u2_mips64el.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "libcyrus-imap-perl-dbgsym"}, {"arch": "s390x", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-imapd_3.0.8-6+deb10u3_s390x.deb", "operator": "lt", "packageName": "cyrus-imapd"}, {"OSVersion": "9", "arch": "arm64", "packageFilename": "cyrus-nntpd-dbgsym_2.5.10-3+deb9u2_arm64.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-nntpd-dbgsym"}, {"packageFilename": "cyrus-common-dbgsym_2.5.10-3+deb9u2_i386.deb", "OSVersion": "9", "arch": "i386", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-common-dbgsym"}, {"OSVersion": "9", "packageFilename": "cyrus-replication_2.5.10-3+deb9u2_ppc64el.deb", "OS": "Debian", "arch": "ppc64el", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-replication"}, {"arch": "armel", "packageFilename": "libcyrus-imap-perl_3.0.8-6+deb10u3_armel.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "libcyrus-imap-perl"}, {"arch": "mips", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-dev_3.0.8-6+deb10u3_mips.deb", "operator": "lt", "packageName": "cyrus-dev"}, {"packageFilename": "cyrus-replication_3.0.8-6+deb10u3_ppc64el.deb", "OSVersion": "10", "OS": "Debian", "arch": "ppc64el", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-replication"}, {"OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-dev_3.0.8-6+deb10u3_ppc64el.deb", "arch": "ppc64el", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-dev"}, {"packageFilename": "cyrus-murder_3.0.8-6+deb10u3_mipsel.deb", "arch": "mipsel", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-murder"}, {"arch": "arm64", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-clients-dbgsym_3.0.8-6+deb10u3_arm64.deb", "operator": "lt", "packageName": "cyrus-clients-dbgsym"}, {"arch": "s390x", "packageFilename": "cyrus-common-dbgsym_3.0.8-6+deb10u3_s390x.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-common-dbgsym"}, {"packageFilename": "cyrus-replication_2.5.10-3+deb9u2_arm64.deb", "OSVersion": "9", "arch": "arm64", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-replication"}, {"arch": "armel", "OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-clients-dbgsym_3.0.8-6+deb10u3_armel.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-clients-dbgsym"}, {"packageFilename": "cyrus-pop3d-dbgsym_2.5.10-3+deb9u2_amd64.deb", "OSVersion": "9", "OS": "Debian", "arch": "amd64", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-pop3d-dbgsym"}, {"OSVersion": "10", "OS": "Debian", "arch": "ppc64el", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "libcyrus-imap-perl_3.0.8-6+deb10u3_ppc64el.deb", "operator": "lt", "packageName": "libcyrus-imap-perl"}, {"OSVersion": "10", "OS": "Debian", "arch": "ppc64el", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageFilename": "cyrus-nntpd-dbgsym_3.0.8-6+deb10u3_ppc64el.deb", "packageName": "cyrus-nntpd-dbgsym"}, {"arch": "armel", "OSVersion": "9", "packageFilename": "cyrus-replication-dbgsym_2.5.10-3+deb9u2_armel.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-replication-dbgsym"}, {"OSVersion": "9", "arch": "armhf", "OS": "Debian", "packageFilename": "cyrus-murder-dbgsym_2.5.10-3+deb9u2_armhf.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-murder-dbgsym"}, {"OSVersion": "9", "OS": "Debian", "arch": "amd64", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-murder_2.5.10-3+deb9u2_amd64.deb", "operator": "lt", "packageName": "cyrus-murder"}, {"OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-murder-dbgsym_3.0.8-6+deb10u3_ppc64el.deb", "arch": "ppc64el", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-murder-dbgsym"}, {"OSVersion": "9", "arch": "mipsel", "packageFilename": "cyrus-pop3d-dbgsym_2.5.10-3+deb9u2_mipsel.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-pop3d-dbgsym"}, {"OSVersion": "10", "OS": "Debian", "arch": "amd64", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-replication-dbgsym_3.0.8-6+deb10u3_amd64.deb", "operator": "lt", "packageName": "cyrus-replication-dbgsym"}, {"arch": "armel", "OSVersion": "10", "packageFilename": "cyrus-common-dbgsym_3.0.8-6+deb10u3_armel.deb", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-common-dbgsym"}, {"operator": "lt", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "arch": "ppc64el", "packageFilename": "cyrus-imapd_2.5.10-3+deb9u2_ppc64el.deb", "packageName": "cyrus-imapd"}, {"arch": "mips", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageFilename": "cyrus-replication_3.0.8-6+deb10u3_mips.deb", "packageName": "cyrus-replication"}, {"arch": "mips", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-nntpd-dbgsym_2.5.10-3+deb9u2_mips.deb", "operator": "lt", "packageName": "cyrus-nntpd-dbgsym"}, {"arch": "i386", "OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-replication_3.0.8-6+deb10u3_i386.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-replication"}, {"arch": "mips64el", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-clients_2.5.10-3+deb9u2_mips64el.deb", "operator": "lt", "packageName": "cyrus-clients"}, {"arch": "mips", "packageFilename": "cyrus-clients_3.0.8-6+deb10u3_mips.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-clients"}, {"OSVersion": "9", "packageFilename": "cyrus-replication_2.5.10-3+deb9u2_armhf.deb", "arch": "armhf", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-replication"}, {"packageFilename": "cyrus-clients_2.5.10-3+deb9u2_ppc64el.deb", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "arch": "ppc64el", "operator": "lt", "packageName": "cyrus-clients"}, {"packageFilename": "cyrus-clients_3.0.8-6+deb10u3_i386.deb", "arch": "i386", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-clients"}, {"arch": "armel", "OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-pop3d-dbgsym_3.0.8-6+deb10u3_armel.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-pop3d-dbgsym"}, {"arch": "i386", "OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-dev_3.0.8-6+deb10u3_i386.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-dev"}, {"arch": "mips64el", "operator": "lt", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-nntpd_3.0.8-6+deb10u3_mips64el.deb", "packageName": "cyrus-nntpd"}, {"arch": "i386", "OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-pop3d-dbgsym_3.0.8-6+deb10u3_i386.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-pop3d-dbgsym"}, {"arch": "mips64el", "packageFilename": "cyrus-replication-dbgsym_3.0.8-6+deb10u3_mips64el.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-replication-dbgsym"}, {"packageFilename": "cyrus-common-dbgsym_3.0.8-6+deb10u3_arm64.deb", "arch": "arm64", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-common-dbgsym"}, {"arch": "i386", "packageFilename": "cyrus-murder_3.0.8-6+deb10u3_i386.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-murder"}, {"arch": "armel", "OSVersion": "10", "packageFilename": "cyrus-imapd-dbgsym_3.0.8-6+deb10u3_armel.deb", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-imapd-dbgsym"}, {"arch": "mipsel", "OSVersion": "10", "packageFilename": "cyrus-pop3d-dbgsym_3.0.8-6+deb10u3_mipsel.deb", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-pop3d-dbgsym"}, {"packageFilename": "cyrus-caldav-dbgsym_3.0.8-6+deb10u3_ppc64el.deb", "OSVersion": "10", "OS": "Debian", "arch": "ppc64el", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-caldav-dbgsym"}, {"OSVersion": "9", "arch": "i386", "packageFilename": "cyrus-pop3d-dbgsym_2.5.10-3+deb9u2_i386.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-pop3d-dbgsym"}, {"OSVersion": "9", "arch": "armhf", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-replication-dbgsym_2.5.10-3+deb9u2_armhf.deb", "operator": "lt", "packageName": "cyrus-replication-dbgsym"}, {"OSVersion": "9", "arch": "i386", "packageFilename": "libcyrus-imap-perl_2.5.10-3+deb9u2_i386.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "libcyrus-imap-perl"}, {"operator": "lt", "packageFilename": "cyrus-doc_3.0.8-6+deb10u3_all.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "arch": "all", "packageName": "cyrus-doc"}, {"OSVersion": "10", "OS": "Debian", "arch": "amd64", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-caldav-dbgsym_3.0.8-6+deb10u3_amd64.deb", "operator": "lt", "packageName": "cyrus-caldav-dbgsym"}, {"arch": "mipsel", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-caldav_3.0.8-6+deb10u3_mipsel.deb", "operator": "lt", "packageName": "cyrus-caldav"}, {"OSVersion": "10", "OS": "Debian", "arch": "amd64", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "libcyrus-imap-perl_3.0.8-6+deb10u3_amd64.deb", "operator": "lt", "packageName": "libcyrus-imap-perl"}, {"OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "arch": "ppc64el", "operator": "lt", "packageFilename": "cyrus-nntpd-dbgsym_2.5.10-3+deb9u2_ppc64el.deb", "packageName": "cyrus-nntpd-dbgsym"}, {"OSVersion": "9", "arch": "i386", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-caldav-dbgsym_2.5.10-3+deb9u2_i386.deb", "operator": "lt", "packageName": "cyrus-caldav-dbgsym"}, {"arch": "i386", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageFilename": "cyrus-clients-dbgsym_3.0.8-6+deb10u3_i386.deb", "packageName": "cyrus-clients-dbgsym"}, {"packageFilename": "cyrus-imapd-dbgsym_3.0.8-6+deb10u3_armhf.deb", "arch": "armhf", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-imapd-dbgsym"}, {"OSVersion": "9", "arch": "arm64", "packageFilename": "libcyrus-imap-perl-dbgsym_2.5.10-3+deb9u2_arm64.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "libcyrus-imap-perl-dbgsym"}, {"OSVersion": "10", "OS": "Debian", "arch": "ppc64el", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "libcyrus-imap-perl-dbgsym_3.0.8-6+deb10u3_ppc64el.deb", "operator": "lt", "packageName": "libcyrus-imap-perl-dbgsym"}, {"arch": "s390x", "OSVersion": "9", "packageFilename": "cyrus-common-dbgsym_2.5.10-3+deb9u2_s390x.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-common-dbgsym"}, {"arch": "s390x", "OSVersion": "9", "OS": "Debian", "packageFilename": "cyrus-imapd_2.5.10-3+deb9u2_s390x.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-imapd"}, {"arch": "mips64el", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-pop3d_3.0.8-6+deb10u3_mips64el.deb", "operator": "lt", "packageName": "cyrus-pop3d"}, {"packageFilename": "cyrus-caldav_3.0.8-6+deb10u3_amd64.deb", "OSVersion": "10", "OS": "Debian", "arch": "amd64", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-caldav"}, {"arch": "mips", "packageFilename": "cyrus-pop3d_3.0.8-6+deb10u3_mips.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-pop3d"}, {"packageFilename": "cyrus-pop3d_2.5.10-3+deb9u2_mips64el.deb", "arch": "mips64el", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-pop3d"}, {"arch": "mips64el", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-imapd-dbgsym_2.5.10-3+deb9u2_mips64el.deb", "operator": "lt", "packageName": "cyrus-imapd-dbgsym"}, {"arch": "mips", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "libcyrus-imap-perl_2.5.10-3+deb9u2_mips.deb", "operator": "lt", "packageName": "libcyrus-imap-perl"}, {"arch": "s390x", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "libcyrus-imap-perl_3.0.8-6+deb10u3_s390x.deb", "operator": "lt", "packageName": "libcyrus-imap-perl"}, {"arch": "s390x", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageFilename": "cyrus-clients_3.0.8-6+deb10u3_s390x.deb", "packageName": "cyrus-clients"}, {"OSVersion": "9", "arch": "mipsel", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-common_2.5.10-3+deb9u2_mipsel.deb", "operator": "lt", "packageName": "cyrus-common"}, {"OSVersion": "9", "arch": "i386", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageFilename": "cyrus-clients-dbgsym_2.5.10-3+deb9u2_i386.deb", "packageName": "cyrus-clients-dbgsym"}, {"arch": "s390x", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageFilename": "cyrus-common_2.5.10-3+deb9u2_s390x.deb", "packageName": "cyrus-common"}, {"arch": "armel", "OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-pop3d_3.0.8-6+deb10u3_armel.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-pop3d"}, {"arch": "mips", "packageFilename": "cyrus-caldav_3.0.8-6+deb10u3_mips.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-caldav"}, {"OSVersion": "10", "OS": "Debian", "arch": "ppc64el", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageFilename": "cyrus-imapd_3.0.8-6+deb10u3_ppc64el.deb", "packageName": "cyrus-imapd"}, {"arch": "s390x", "OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-murder_3.0.8-6+deb10u3_s390x.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-murder"}, {"arch": "arm64", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-pop3d_3.0.8-6+deb10u3_arm64.deb", "operator": "lt", "packageName": "cyrus-pop3d"}, {"OSVersion": "9", "arch": "i386", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-pop3d_2.5.10-3+deb9u2_i386.deb", "operator": "lt", "packageName": "cyrus-pop3d"}, {"OSVersion": "9", "arch": "i386", "OS": "Debian", "packageFilename": "cyrus-clients_2.5.10-3+deb9u2_i386.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-clients"}, {"OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-nntpd_3.0.8-6+deb10u3_ppc64el.deb", "arch": "ppc64el", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-nntpd"}, {"OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "arch": "ppc64el", "packageFilename": "cyrus-pop3d_2.5.10-3+deb9u2_ppc64el.deb", "operator": "lt", "packageName": "cyrus-pop3d"}, {"packageFilename": "cyrus-common_2.5.10-3+deb9u2_ppc64el.deb", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "arch": "ppc64el", "operator": "lt", "packageName": "cyrus-common"}, {"OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "arch": "ppc64el", "operator": "lt", "packageFilename": "cyrus-caldav-dbgsym_2.5.10-3+deb9u2_ppc64el.deb", "packageName": "cyrus-caldav-dbgsym"}, {"arch": "mips64el", "packageFilename": "cyrus-replication_3.0.8-6+deb10u3_mips64el.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-replication"}, {"arch": "mipsel", "OSVersion": "10", "OS": "Debian", "packageFilename": "libcyrus-imap-perl_3.0.8-6+deb10u3_mipsel.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "libcyrus-imap-perl"}, {"arch": "armel", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "libcyrus-imap-perl_2.5.10-3+deb9u2_armel.deb", "operator": "lt", "packageName": "libcyrus-imap-perl"}, {"arch": "mips", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageFilename": "cyrus-clients-dbgsym_2.5.10-3+deb9u2_mips.deb", "packageName": "cyrus-clients-dbgsym"}, {"arch": "mips64el", "OSVersion": "9", "packageFilename": "cyrus-imapd_2.5.10-3+deb9u2_mips64el.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-imapd"}, {"packageFilename": "cyrus-clients_2.5.10-3+deb9u2_armhf.deb", "OSVersion": "9", "arch": "armhf", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-clients"}, {"arch": "mips", "OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-clients-dbgsym_3.0.8-6+deb10u3_mips.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-clients-dbgsym"}, {"arch": "mips", "OSVersion": "9", "packageFilename": "cyrus-nntpd_2.5.10-3+deb9u2_mips.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-nntpd"}, {"OSVersion": "9", "arch": "i386", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-common_2.5.10-3+deb9u2_i386.deb", "operator": "lt", "packageName": "cyrus-common"}, {"OSVersion": "9", "arch": "mipsel", "packageFilename": "cyrus-replication-dbgsym_2.5.10-3+deb9u2_mipsel.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-replication-dbgsym"}, {"arch": "mips", "packageFilename": "cyrus-murder_3.0.8-6+deb10u3_mips.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-murder"}, {"OSVersion": "9", "OS": "Debian", "arch": "amd64", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageFilename": "cyrus-imapd-dbgsym_2.5.10-3+deb9u2_amd64.deb", "packageName": "cyrus-imapd-dbgsym"}, {"arch": "mips", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageFilename": "cyrus-murder-dbgsym_2.5.10-3+deb9u2_mips.deb", "packageName": "cyrus-murder-dbgsym"}, {"OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "arch": "ppc64el", "packageFilename": "cyrus-pop3d-dbgsym_2.5.10-3+deb9u2_ppc64el.deb", "operator": "lt", "packageName": "cyrus-pop3d-dbgsym"}, {"arch": "armel", "OSVersion": "9", "OS": "Debian", "packageFilename": "cyrus-imapd-dbgsym_2.5.10-3+deb9u2_armel.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-imapd-dbgsym"}, {"OSVersion": "10", "OS": "Debian", "arch": "amd64", "packageFilename": "cyrus-imapd-dbgsym_3.0.8-6+deb10u3_amd64.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-imapd-dbgsym"}, {"arch": "armel", "OSVersion": "9", "packageFilename": "cyrus-imapd_2.5.10-3+deb9u2_armel.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-imapd"}, {"arch": "mips", "OSVersion": "9", "OS": "Debian", "packageFilename": "cyrus-common-dbgsym_2.5.10-3+deb9u2_mips.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-common-dbgsym"}, {"arch": "armel", "OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-murder-dbgsym_3.0.8-6+deb10u3_armel.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-murder-dbgsym"}, {"arch": "mips64el", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-replication_2.5.10-3+deb9u2_mips64el.deb", "operator": "lt", "packageName": "cyrus-replication"}, {"arch": "s390x", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageFilename": "cyrus-pop3d_3.0.8-6+deb10u3_s390x.deb", "packageName": "cyrus-pop3d"}, {"arch": "armel", "OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-dev_3.0.8-6+deb10u3_armel.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-dev"}, {"arch": "i386", "OSVersion": "10", "packageFilename": "cyrus-replication-dbgsym_3.0.8-6+deb10u3_i386.deb", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-replication-dbgsym"}, {"OSVersion": "9", "packageFilename": "cyrus-murder_2.5.10-3+deb9u2_i386.deb", "arch": "i386", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-murder"}, {"arch": "mips", "OSVersion": "10", "OS": "Debian", "packageFilename": "libcyrus-imap-perl_3.0.8-6+deb10u3_mips.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "libcyrus-imap-perl"}, {"OSVersion": "9", "arch": "i386", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-imapd_2.5.10-3+deb9u2_i386.deb", "operator": "lt", "packageName": "cyrus-imapd"}, {"arch": "mips", "packageFilename": "cyrus-common_2.5.10-3+deb9u2_mips.deb", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-common"}, {"arch": "s390x", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-clients-dbgsym_2.5.10-3+deb9u2_s390x.deb", "operator": "lt", "packageName": "cyrus-clients-dbgsym"}, {"arch": "armhf", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "libcyrus-imap-perl_3.0.8-6+deb10u3_armhf.deb", "operator": "lt", "packageName": "libcyrus-imap-perl"}, {"OSVersion": "9", "OS": "Debian", "arch": "amd64", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-dev_2.5.10-3+deb9u2_amd64.deb", "operator": "lt", "packageName": "cyrus-dev"}, {"arch": "s390x", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageFilename": "cyrus-nntpd_2.5.10-3+deb9u2_s390x.deb", "packageName": "cyrus-nntpd"}, {"OSVersion": "9", "arch": "mipsel", "OS": "Debian", "packageFilename": "libcyrus-imap-perl-dbgsym_2.5.10-3+deb9u2_mipsel.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "libcyrus-imap-perl-dbgsym"}, {"OSVersion": "9", "arch": "armhf", "OS": "Debian", "packageFilename": "cyrus-clients-dbgsym_2.5.10-3+deb9u2_armhf.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-clients-dbgsym"}, {"OSVersion": "9", "packageFilename": "cyrus-imapd-dbgsym_2.5.10-3+deb9u2_ppc64el.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "arch": "ppc64el", "operator": "lt", "packageName": "cyrus-imapd-dbgsym"}, {"arch": "i386", "OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-common-dbgsym_3.0.8-6+deb10u3_i386.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-common-dbgsym"}, {"packageFilename": "cyrus-imapd-dbgsym_2.5.10-3+deb9u2_mipsel.deb", "OSVersion": "9", "arch": "mipsel", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-imapd-dbgsym"}, {"packageFilename": "cyrus-dev_3.0.8-6+deb10u3_amd64.deb", "OSVersion": "10", "OS": "Debian", "arch": "amd64", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-dev"}, {"operator": "lt", "arch": "armhf", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-murder-dbgsym_3.0.8-6+deb10u3_armhf.deb", "packageName": "cyrus-murder-dbgsym"}, {"arch": "arm64", "packageFilename": "cyrus-dev_3.0.8-6+deb10u3_arm64.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-dev"}, {"arch": "i386", "OSVersion": "10", "OS": "Debian", "packageFilename": "libcyrus-imap-perl-dbgsym_3.0.8-6+deb10u3_i386.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "libcyrus-imap-perl-dbgsym"}, {"arch": "s390x", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-common_3.0.8-6+deb10u3_s390x.deb", "operator": "lt", "packageName": "cyrus-common"}, {"arch": "arm64", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-caldav_3.0.8-6+deb10u3_arm64.deb", "operator": "lt", "packageName": "cyrus-caldav"}, {"arch": "s390x", "OSVersion": "9", "OS": "Debian", "packageFilename": "cyrus-clients_2.5.10-3+deb9u2_s390x.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-clients"}, {"packageFilename": "cyrus-nntpd-dbgsym_3.0.8-6+deb10u3_armhf.deb", "arch": "armhf", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-nntpd-dbgsym"}, {"OSVersion": "9", "arch": "mipsel", "OS": "Debian", "packageFilename": "cyrus-common-dbgsym_2.5.10-3+deb9u2_mipsel.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-common-dbgsym"}, {"arch": "mips", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-pop3d_2.5.10-3+deb9u2_mips.deb", "operator": "lt", "packageName": "cyrus-pop3d"}, {"packageFilename": "libcyrus-imap-perl_3.0.8-6+deb10u3_i386.deb", "arch": "i386", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "libcyrus-imap-perl"}, {"arch": "mips", "OSVersion": "9", "OS": "Debian", "packageFilename": "cyrus-murder_2.5.10-3+deb9u2_mips.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-murder"}, {"arch": "mipsel", "packageFilename": "cyrus-replication_3.0.8-6+deb10u3_mipsel.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-replication"}, {"arch": "armel", "packageFilename": "cyrus-nntpd_3.0.8-6+deb10u3_armel.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-nntpd"}, {"arch": "armhf", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageFilename": "cyrus-caldav-dbgsym_3.0.8-6+deb10u3_armhf.deb", "packageName": "cyrus-caldav-dbgsym"}, {"OSVersion": "9", "arch": "mipsel", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-murder-dbgsym_2.5.10-3+deb9u2_mipsel.deb", "operator": "lt", "packageName": "cyrus-murder-dbgsym"}, {"arch": "arm64", "OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-nntpd_3.0.8-6+deb10u3_arm64.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-nntpd"}, {"arch": "i386", "OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-pop3d_3.0.8-6+deb10u3_i386.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-pop3d"}, {"arch": "mips", "packageFilename": "cyrus-imapd-dbgsym_3.0.8-6+deb10u3_mips.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-imapd-dbgsym"}, {"arch": "mips64el", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-dev_3.0.8-6+deb10u3_mips64el.deb", "operator": "lt", "packageName": "cyrus-dev"}, {"arch": "mips", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-murder-dbgsym_3.0.8-6+deb10u3_mips.deb", "operator": "lt", "packageName": "cyrus-murder-dbgsym"}, {"arch": "mips", "OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-caldav-dbgsym_3.0.8-6+deb10u3_mips.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-caldav-dbgsym"}, {"OSVersion": "9", "arch": "arm64", "packageFilename": "cyrus-caldav_2.5.10-3+deb9u2_arm64.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-caldav"}, {"arch": "s390x", "OSVersion": "9", "OS": "Debian", "packageFilename": "cyrus-dev_2.5.10-3+deb9u2_s390x.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-dev"}, {"arch": "armel", "OSVersion": "9", "packageFilename": "libcyrus-imap-perl-dbgsym_2.5.10-3+deb9u2_armel.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "libcyrus-imap-perl-dbgsym"}, {"arch": "mips", "OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-nntpd_3.0.8-6+deb10u3_mips.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-nntpd"}, {"OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "arch": "ppc64el", "operator": "lt", "packageFilename": "cyrus-clients-dbgsym_2.5.10-3+deb9u2_ppc64el.deb", "packageName": "cyrus-clients-dbgsym"}, {"OSVersion": "9", "arch": "mipsel", "OS": "Debian", "packageFilename": "libcyrus-imap-perl_2.5.10-3+deb9u2_mipsel.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "libcyrus-imap-perl"}, {"arch": "s390x", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "libcyrus-imap-perl-dbgsym_3.0.8-6+deb10u3_s390x.deb", "operator": "lt", "packageName": "libcyrus-imap-perl-dbgsym"}, {"arch": "arm64", "OSVersion": "10", "packageFilename": "cyrus-nntpd-dbgsym_3.0.8-6+deb10u3_arm64.deb", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-nntpd-dbgsym"}, {"arch": "mips64el", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-caldav_3.0.8-6+deb10u3_mips64el.deb", "operator": "lt", "packageName": "cyrus-caldav"}, {"OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "arch": "ppc64el", "packageFilename": "libcyrus-imap-perl_2.5.10-3+deb9u2_ppc64el.deb", "operator": "lt", "packageName": "libcyrus-imap-perl"}, {"arch": "s390x", "packageFilename": "cyrus-clients-dbgsym_3.0.8-6+deb10u3_s390x.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-clients-dbgsym"}, {"packageFilename": "cyrus-replication-dbgsym_2.5.10-3+deb9u2_i386.deb", "OSVersion": "9", "arch": "i386", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-replication-dbgsym"}, {"OSVersion": "9", "OS": "Debian", "arch": "amd64", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-clients-dbgsym_2.5.10-3+deb9u2_amd64.deb", "operator": "lt", "packageName": "cyrus-clients-dbgsym"}, {"packageFilename": "cyrus-pop3d_3.0.8-6+deb10u3_amd64.deb", "OSVersion": "10", "OS": "Debian", "arch": "amd64", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-pop3d"}, {"arch": "mips", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-replication_2.5.10-3+deb9u2_mips.deb", "operator": "lt", "packageName": "cyrus-replication"}, {"arch": "mips64el", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-common_2.5.10-3+deb9u2_mips64el.deb", "operator": "lt", "packageName": "cyrus-common"}, {"arch": "s390x", "OSVersion": "9", "OS": "Debian", "packageFilename": "cyrus-nntpd-dbgsym_2.5.10-3+deb9u2_s390x.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-nntpd-dbgsym"}, {"operator": "lt", "OSVersion": "9", "arch": "mipsel", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-replication_2.5.10-3+deb9u2_mipsel.deb", "packageName": "cyrus-replication"}, {"arch": "mips64el", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageFilename": "cyrus-common-dbgsym_3.0.8-6+deb10u3_mips64el.deb", "packageName": "cyrus-common-dbgsym"}, {"OSVersion": "9", "arch": "i386", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-imapd-dbgsym_2.5.10-3+deb9u2_i386.deb", "operator": "lt", "packageName": "cyrus-imapd-dbgsym"}, {"arch": "arm64", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageFilename": "cyrus-murder_3.0.8-6+deb10u3_arm64.deb", "packageName": "cyrus-murder"}, {"OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-murder-dbgsym_2.5.10-3+deb9u2_ppc64el.deb", "arch": "ppc64el", "operator": "lt", "packageName": "cyrus-murder-dbgsym"}, {"arch": "s390x", "packageFilename": "cyrus-replication-dbgsym_3.0.8-6+deb10u3_s390x.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-replication-dbgsym"}, {"OSVersion": "9", "OS": "Debian", "packageFilename": "cyrus-replication-dbgsym_2.5.10-3+deb9u2_ppc64el.deb", "packageVersion": "2.5.10-3+deb9u2", "arch": "ppc64el", "operator": "lt", "packageName": "cyrus-replication-dbgsym"}, {"packageFilename": "libcyrus-imap-perl-dbgsym_2.5.10-3+deb9u2_amd64.deb", "OSVersion": "9", "OS": "Debian", "arch": "amd64", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "libcyrus-imap-perl-dbgsym"}, {"packageFilename": "cyrus-pop3d-dbgsym_2.5.10-3+deb9u2_mips64el.deb", "arch": "mips64el", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-pop3d-dbgsym"}, {"arch": "armel", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-caldav_3.0.8-6+deb10u3_armel.deb", "operator": "lt", "packageName": "cyrus-caldav"}, {"operator": "lt", "arch": "armhf", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-murder_3.0.8-6+deb10u3_armhf.deb", "packageName": "cyrus-murder"}, {"OSVersion": "10", "packageFilename": "cyrus-common_3.0.8-6+deb10u3_amd64.deb", "OS": "Debian", "arch": "amd64", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-common"}, {"arch": "armel", "OSVersion": "9", "packageFilename": "cyrus-caldav_2.5.10-3+deb9u2_armel.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-caldav"}, {"packageFilename": "cyrus-nntpd_2.5.10-3+deb9u2_arm64.deb", "OSVersion": "9", "arch": "arm64", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-nntpd"}, {"OSVersion": "9", "arch": "armhf", "OS": "Debian", "packageFilename": "cyrus-common-dbgsym_2.5.10-3+deb9u2_armhf.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-common-dbgsym"}, {"arch": "arm64", "OSVersion": "10", "OS": "Debian", "packageFilename": "libcyrus-imap-perl-dbgsym_3.0.8-6+deb10u3_arm64.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "libcyrus-imap-perl-dbgsym"}, {"arch": "s390x", "packageFilename": "cyrus-replication_2.5.10-3+deb9u2_s390x.deb", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-replication"}, {"arch": "mips", "packageFilename": "cyrus-imapd_3.0.8-6+deb10u3_mips.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-imapd"}, {"OSVersion": "9", "packageFilename": "cyrus-clients_2.5.10-3+deb9u2_amd64.deb", "OS": "Debian", "arch": "amd64", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-clients"}, {"OSVersion": "9", "arch": "arm64", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageFilename": "cyrus-pop3d_2.5.10-3+deb9u2_arm64.deb", "packageName": "cyrus-pop3d"}, {"packageFilename": "cyrus-replication_3.0.8-6+deb10u3_armel.deb", "arch": "armel", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-replication"}, {"arch": "s390x", "packageFilename": "cyrus-caldav-dbgsym_3.0.8-6+deb10u3_s390x.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-caldav-dbgsym"}, {"OSVersion": "9", "arch": "arm64", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageFilename": "cyrus-common-dbgsym_2.5.10-3+deb9u2_arm64.deb", "packageName": "cyrus-common-dbgsym"}, {"packageFilename": "cyrus-common-dbgsym_3.0.8-6+deb10u3_amd64.deb", "OSVersion": "10", "OS": "Debian", "arch": "amd64", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-common-dbgsym"}, {"OSVersion": "10", "packageFilename": "cyrus-replication-dbgsym_3.0.8-6+deb10u3_ppc64el.deb", "OS": "Debian", "arch": "ppc64el", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-replication-dbgsym"}, {"arch": "s390x", "OSVersion": "9", "packageFilename": "cyrus-caldav_2.5.10-3+deb9u2_s390x.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-caldav"}, {"packageFilename": "cyrus-common-dbgsym_3.0.8-6+deb10u3_ppc64el.deb", "OSVersion": "10", "OS": "Debian", "arch": "ppc64el", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-common-dbgsym"}, {"arch": "armel", "packageFilename": "cyrus-common_2.5.10-3+deb9u2_armel.deb", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-common"}, {"packageFilename": "cyrus-nntpd-dbgsym_3.0.8-6+deb10u3_i386.deb", "arch": "i386", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-nntpd-dbgsym"}, {"arch": "s390x", "packageFilename": "cyrus-murder-dbgsym_2.5.10-3+deb9u2_s390x.deb", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-murder-dbgsym"}, {"arch": "i386", "OSVersion": "10", "packageFilename": "cyrus-caldav-dbgsym_3.0.8-6+deb10u3_i386.deb", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-caldav-dbgsym"}, {"OSVersion": "9", "packageFilename": "cyrus-caldav_2.5.10-3+deb9u2_ppc64el.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "arch": "ppc64el", "operator": "lt", "packageName": "cyrus-caldav"}, {"arch": "mipsel", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageFilename": "cyrus-caldav-dbgsym_3.0.8-6+deb10u3_mipsel.deb", "packageName": "cyrus-caldav-dbgsym"}, {"OSVersion": "9", "arch": "mipsel", "packageFilename": "cyrus-clients-dbgsym_2.5.10-3+deb9u2_mipsel.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-clients-dbgsym"}, {"OSVersion": "10", "OS": "Debian", "arch": "ppc64el", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-imapd-dbgsym_3.0.8-6+deb10u3_ppc64el.deb", "operator": "lt", "packageName": "cyrus-imapd-dbgsym"}, {"operator": "lt", "arch": "armhf", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-clients-dbgsym_3.0.8-6+deb10u3_armhf.deb", "packageName": "cyrus-clients-dbgsym"}, {"packageFilename": "cyrus-imapd_3.0.8-6+deb10u3_amd64.deb", "OSVersion": "10", "OS": "Debian", "arch": "amd64", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-imapd"}, {"arch": "armel", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageFilename": "cyrus-replication-dbgsym_3.0.8-6+deb10u3_armel.deb", "packageName": "cyrus-replication-dbgsym"}, {"OSVersion": "9", "arch": "mipsel", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-nntpd-dbgsym_2.5.10-3+deb9u2_mipsel.deb", "operator": "lt", "packageName": "cyrus-nntpd-dbgsym"}, {"arch": "mips64el", "OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-murder-dbgsym_3.0.8-6+deb10u3_mips64el.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-murder-dbgsym"}, {"arch": "arm64", "packageFilename": "cyrus-common_3.0.8-6+deb10u3_arm64.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-common"}, {"packageFilename": "cyrus-pop3d_3.0.8-6+deb10u3_ppc64el.deb", "OSVersion": "10", "OS": "Debian", "arch": "ppc64el", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-pop3d"}, {"packageFilename": "libcyrus-imap-perl_2.5.10-3+deb9u2_amd64.deb", "OSVersion": "9", "OS": "Debian", "arch": "amd64", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "libcyrus-imap-perl"}, {"arch": "armel", "operator": "lt", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-clients_3.0.8-6+deb10u3_armel.deb", "packageName": "cyrus-clients"}, {"OSVersion": "9", "packageFilename": "libcyrus-imap-perl-dbgsym_2.5.10-3+deb9u2_armhf.deb", "arch": "armhf", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "libcyrus-imap-perl-dbgsym"}, {"arch": "mips64el", "OSVersion": "9", "OS": "Debian", "packageFilename": "cyrus-murder-dbgsym_2.5.10-3+deb9u2_mips64el.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-murder-dbgsym"}, {"packageFilename": "cyrus-nntpd_3.0.8-6+deb10u3_mipsel.deb", "arch": "mipsel", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-nntpd"}, {"OSVersion": "9", "arch": "arm64", "OS": "Debian", "packageFilename": "cyrus-common_2.5.10-3+deb9u2_arm64.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-common"}, {"packageFilename": "cyrus-common_3.0.8-6+deb10u3_i386.deb", "arch": "i386", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-common"}, {"OSVersion": "9", "packageFilename": "cyrus-imapd-dbgsym_2.5.10-3+deb9u2_armhf.deb", "arch": "armhf", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-imapd-dbgsym"}, {"operator": "lt", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "arch": "all", "packageFilename": "cyrus-doc_2.5.10-3+deb9u2_all.deb", "packageName": "cyrus-doc"}, {"OSVersion": "9", "packageFilename": "cyrus-nntpd_2.5.10-3+deb9u2_armhf.deb", "arch": "armhf", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-nntpd"}, {"OSVersion": "9", "packageFilename": "cyrus-imapd_2.5.10-3+deb9u2_mipsel.deb", "arch": "mipsel", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-imapd"}, {"arch": "arm64", "packageFilename": "cyrus-murder-dbgsym_3.0.8-6+deb10u3_arm64.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-murder-dbgsym"}, {"arch": "mips", "packageFilename": "cyrus-dev_2.5.10-3+deb9u2_mips.deb", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-dev"}, {"packageFilename": "cyrus-common_3.0.8-6+deb10u3_mipsel.deb", "arch": "mipsel", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-common"}, {"OSVersion": "9", "packageFilename": "cyrus-imapd_2.5.10-3+deb9u2_amd64.deb", "OS": "Debian", "arch": "amd64", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-imapd"}, {"OSVersion": "9", "packageFilename": "cyrus-pop3d-dbgsym_2.5.10-3+deb9u2_armhf.deb", "arch": "armhf", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-pop3d-dbgsym"}, {"arch": "mips64el", "OSVersion": "9", "packageFilename": "cyrus-caldav-dbgsym_2.5.10-3+deb9u2_mips64el.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-caldav-dbgsym"}, {"packageFilename": "cyrus-murder-dbgsym_2.5.10-3+deb9u2_i386.deb", "OSVersion": "9", "arch": "i386", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-murder-dbgsym"}, {"packageFilename": "cyrus-pop3d-dbgsym_3.0.8-6+deb10u3_ppc64el.deb", "OSVersion": "10", "OS": "Debian", "arch": "ppc64el", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-pop3d-dbgsym"}, {"OSVersion": "9", "OS": "Debian", "packageFilename": "cyrus-replication_2.5.10-3+deb9u2_amd64.deb", "arch": "amd64", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-replication"}, {"arch": "s390x", "packageFilename": "cyrus-imapd-dbgsym_2.5.10-3+deb9u2_s390x.deb", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-imapd-dbgsym"}, {"OSVersion": "9", "packageFilename": "cyrus-dev_2.5.10-3+deb9u2_ppc64el.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "arch": "ppc64el", "operator": "lt", "packageName": "cyrus-dev"}, {"arch": "mips64el", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageFilename": "cyrus-dev_2.5.10-3+deb9u2_mips64el.deb", "packageName": "cyrus-dev"}, {"arch": "mips", "OSVersion": "9", "OS": "Debian", "packageFilename": "libcyrus-imap-perl-dbgsym_2.5.10-3+deb9u2_mips.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "libcyrus-imap-perl-dbgsym"}, {"arch": "arm64", "OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-replication-dbgsym_3.0.8-6+deb10u3_arm64.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-replication-dbgsym"}, {"arch": "s390x", "packageFilename": "cyrus-pop3d-dbgsym_3.0.8-6+deb10u3_s390x.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-pop3d-dbgsym"}, {"packageFilename": "cyrus-replication-dbgsym_3.0.8-6+deb10u3_mipsel.deb", "arch": "mipsel", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-replication-dbgsym"}, {"OSVersion": "9", "OS": "Debian", "packageFilename": "cyrus-admin_2.5.10-3+deb9u2_all.deb", "packageVersion": "2.5.10-3+deb9u2", "arch": "all", "operator": "lt", "packageName": "cyrus-admin"}, {"arch": "s390x", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageFilename": "cyrus-replication-dbgsym_2.5.10-3+deb9u2_s390x.deb", "packageName": "cyrus-replication-dbgsym"}, {"arch": "mips64el", "OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-murder_3.0.8-6+deb10u3_mips64el.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-murder"}, {"arch": "armel", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-pop3d_2.5.10-3+deb9u2_armel.deb", "operator": "lt", "packageName": "cyrus-pop3d"}, {"packageFilename": "cyrus-murder_3.0.8-6+deb10u3_ppc64el.deb", "OSVersion": "10", "OS": "Debian", "arch": "ppc64el", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-murder"}, {"OSVersion": "10", "OS": "Debian", "arch": "amd64", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-clients-dbgsym_3.0.8-6+deb10u3_amd64.deb", "operator": "lt", "packageName": "cyrus-clients-dbgsym"}, {"arch": "mips64el", "OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-nntpd-dbgsym_3.0.8-6+deb10u3_mips64el.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-nntpd-dbgsym"}, {"OSVersion": "9", "arch": "arm64", "packageFilename": "cyrus-clients-dbgsym_2.5.10-3+deb9u2_arm64.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-clients-dbgsym"}, {"arch": "mips", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-clients_2.5.10-3+deb9u2_mips.deb", "operator": "lt", "packageName": "cyrus-clients"}, {"packageFilename": "cyrus-murder_2.5.10-3+deb9u2_mips64el.deb", "arch": "mips64el", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-murder"}, {"arch": "armel", "packageFilename": "cyrus-imapd_3.0.8-6+deb10u3_armel.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-imapd"}, {"arch": "armel", "OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-caldav-dbgsym_3.0.8-6+deb10u3_armel.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-caldav-dbgsym"}, {"packageFilename": "libcyrus-imap-perl_2.5.10-3+deb9u2_armhf.deb", "OSVersion": "9", "arch": "armhf", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "libcyrus-imap-perl"}, {"OSVersion": "9", "arch": "armhf", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageFilename": "cyrus-pop3d_2.5.10-3+deb9u2_armhf.deb", "packageName": "cyrus-pop3d"}, {"arch": "armel", "OSVersion": "9", "packageFilename": "cyrus-murder_2.5.10-3+deb9u2_armel.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-murder"}, {"packageFilename": "cyrus-common-dbgsym_2.5.10-3+deb9u2_amd64.deb", "OSVersion": "9", "OS": "Debian", "arch": "amd64", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-common-dbgsym"}, {"packageFilename": "cyrus-imapd_2.5.10-3+deb9u2_arm64.deb", "OSVersion": "9", "arch": "arm64", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-imapd"}, {"arch": "armel", "packageFilename": "cyrus-nntpd-dbgsym_3.0.8-6+deb10u3_armel.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-nntpd-dbgsym"}, {"OSVersion": "10", "OS": "Debian", "arch": "amd64", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-nntpd_3.0.8-6+deb10u3_amd64.deb", "operator": "lt", "packageName": "cyrus-nntpd"}, {"operator": "lt", "arch": "mipsel", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-clients_3.0.8-6+deb10u3_mipsel.deb", "packageName": "cyrus-clients"}, {"arch": "armel", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-nntpd_2.5.10-3+deb9u2_armel.deb", "operator": "lt", "packageName": "cyrus-nntpd"}, {"packageFilename": "cyrus-clients_2.5.10-3+deb9u2_mipsel.deb", "OSVersion": "9", "arch": "mipsel", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-clients"}, {"packageFilename": "cyrus-imapd_3.0.8-6+deb10u3_mipsel.deb", "arch": "mipsel", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-imapd"}, {"arch": "mips", "packageFilename": "cyrus-common_3.0.8-6+deb10u3_mips.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-common"}, {"arch": "mips", "OSVersion": "9", "OS": "Debian", "packageFilename": "cyrus-caldav-dbgsym_2.5.10-3+deb9u2_mips.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-caldav-dbgsym"}, {"OSVersion": "9", "OS": "Debian", "packageFilename": "cyrus-murder-dbgsym_2.5.10-3+deb9u2_amd64.deb", "arch": "amd64", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-murder-dbgsym"}, {"packageFilename": "libcyrus-imap-perl-dbgsym_3.0.8-6+deb10u3_amd64.deb", "OSVersion": "10", "OS": "Debian", "arch": "amd64", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "libcyrus-imap-perl-dbgsym"}, {"arch": "i386", "OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-nntpd_3.0.8-6+deb10u3_i386.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-nntpd"}, {"OSVersion": "9", "arch": "mipsel", "packageFilename": "cyrus-caldav_2.5.10-3+deb9u2_mipsel.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-caldav"}, {"arch": "armel", "OSVersion": "10", "OS": "Debian", "packageFilename": "libcyrus-imap-perl-dbgsym_3.0.8-6+deb10u3_armel.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "libcyrus-imap-perl-dbgsym"}, {"arch": "mipsel", "OSVersion": "10", "packageFilename": "cyrus-clients-dbgsym_3.0.8-6+deb10u3_mipsel.deb", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-clients-dbgsym"}, {"arch": "mips64el", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-replication-dbgsym_2.5.10-3+deb9u2_mips64el.deb", "operator": "lt", "packageName": "cyrus-replication-dbgsym"}, {"OSVersion": "9", "packageFilename": "cyrus-nntpd_2.5.10-3+deb9u2_ppc64el.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "arch": "ppc64el", "operator": "lt", "packageName": "cyrus-nntpd"}, {"arch": "mips", "packageFilename": "cyrus-nntpd-dbgsym_3.0.8-6+deb10u3_mips.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-nntpd-dbgsym"}, {"arch": "mips", "packageFilename": "cyrus-common-dbgsym_3.0.8-6+deb10u3_mips.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-common-dbgsym"}, {"packageFilename": "cyrus-imapd_3.0.8-6+deb10u3_i386.deb", "arch": "i386", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-imapd"}, {"packageFilename": "cyrus-imapd-dbgsym_3.0.8-6+deb10u3_arm64.deb", "arch": "arm64", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-imapd-dbgsym"}, {"arch": "armel", "OSVersion": "9", "packageFilename": "cyrus-common-dbgsym_2.5.10-3+deb9u2_armel.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-common-dbgsym"}, {"OSVersion": "9", "packageFilename": "cyrus-caldav-dbgsym_2.5.10-3+deb9u2_amd64.deb", "OS": "Debian", "arch": "amd64", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-caldav-dbgsym"}, {"OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "arch": "ppc64el", "operator": "lt", "packageFilename": "libcyrus-imap-perl-dbgsym_2.5.10-3+deb9u2_ppc64el.deb", "packageName": "libcyrus-imap-perl-dbgsym"}, {"packageFilename": "cyrus-dev_2.5.10-3+deb9u2_armhf.deb", "OSVersion": "9", "arch": "armhf", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-dev"}, {"OSVersion": "10", "OS": "Debian", "arch": "ppc64el", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-common_3.0.8-6+deb10u3_ppc64el.deb", "operator": "lt", "packageName": "cyrus-common"}, {"OSVersion": "9", "packageFilename": "cyrus-caldav-dbgsym_2.5.10-3+deb9u2_armhf.deb", "arch": "armhf", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-caldav-dbgsym"}, {"arch": "mips", "OSVersion": "9", "OS": "Debian", "packageFilename": "cyrus-imapd_2.5.10-3+deb9u2_mips.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-imapd"}, {"arch": "mips", "OSVersion": "9", "packageFilename": "cyrus-pop3d-dbgsym_2.5.10-3+deb9u2_mips.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-pop3d-dbgsym"}, {"arch": "s390x", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-pop3d_2.5.10-3+deb9u2_s390x.deb", "operator": "lt", "packageName": "cyrus-pop3d"}, {"arch": "s390x", "OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-caldav_3.0.8-6+deb10u3_s390x.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-caldav"}, {"arch": "armel", "packageFilename": "cyrus-pop3d-dbgsym_2.5.10-3+deb9u2_armel.deb", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-pop3d-dbgsym"}, {"OSVersion": "9", "OS": "Debian", "arch": "amd64", "packageFilename": "cyrus-pop3d_2.5.10-3+deb9u2_amd64.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-pop3d"}, {"OSVersion": "9", "arch": "i386", "OS": "Debian", "packageFilename": "cyrus-nntpd-dbgsym_2.5.10-3+deb9u2_i386.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-nntpd-dbgsym"}, {"packageFilename": "libcyrus-imap-perl-dbgsym_2.5.10-3+deb9u2_i386.deb", "OSVersion": "9", "arch": "i386", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "libcyrus-imap-perl-dbgsym"}, {"arch": "armel", "OSVersion": "10", "packageFilename": "cyrus-common_3.0.8-6+deb10u3_armel.deb", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-common"}, {"operator": "lt", "arch": "i386", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-murder-dbgsym_3.0.8-6+deb10u3_i386.deb", "packageName": "cyrus-murder-dbgsym"}, {"arch": "armel", "packageFilename": "cyrus-murder_3.0.8-6+deb10u3_armel.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-murder"}, {"OSVersion": "9", "arch": "arm64", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-caldav-dbgsym_2.5.10-3+deb9u2_arm64.deb", "operator": "lt", "packageName": "cyrus-caldav-dbgsym"}, {"arch": "mips", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-replication-dbgsym_2.5.10-3+deb9u2_mips.deb", "operator": "lt", "packageName": "cyrus-replication-dbgsym"}, {"arch": "armel", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-nntpd-dbgsym_2.5.10-3+deb9u2_armel.deb", "operator": "lt", "packageName": "cyrus-nntpd-dbgsym"}, {"OSVersion": "10", "OS": "Debian", "arch": "ppc64el", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-caldav_3.0.8-6+deb10u3_ppc64el.deb", "operator": "lt", "packageName": "cyrus-caldav"}, {"packageFilename": "cyrus-clients_3.0.8-6+deb10u3_ppc64el.deb", "OSVersion": "10", "OS": "Debian", "arch": "ppc64el", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-clients"}, {"arch": "mipsel", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageFilename": "cyrus-pop3d_3.0.8-6+deb10u3_mipsel.deb", "packageName": "cyrus-pop3d"}, {"arch": "arm64", "OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-pop3d-dbgsym_3.0.8-6+deb10u3_arm64.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-pop3d-dbgsym"}, {"OSVersion": "10", "OS": "Debian", "arch": "amd64", "packageFilename": "cyrus-nntpd-dbgsym_3.0.8-6+deb10u3_amd64.deb", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-nntpd-dbgsym"}, {"OSVersion": "10", "OS": "Debian", "packageFilename": "cyrus-murder_3.0.8-6+deb10u3_amd64.deb", "arch": "amd64", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-murder"}, {"arch": "mips64el", "packageFilename": "cyrus-clients-dbgsym_3.0.8-6+deb10u3_mips64el.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-clients-dbgsym"}, {"arch": "mips64el", "operator": "lt", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-nntpd-dbgsym_2.5.10-3+deb9u2_mips64el.deb", "packageName": "cyrus-nntpd-dbgsym"}, {"arch": "armhf", "packageFilename": "cyrus-replication-dbgsym_3.0.8-6+deb10u3_armhf.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-replication-dbgsym"}, {"arch": "s390x", "OSVersion": "9", "OS": "Debian", "packageFilename": "libcyrus-imap-perl_2.5.10-3+deb9u2_s390x.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "libcyrus-imap-perl"}, {"arch": "mips64el", "OSVersion": "10", "packageFilename": "libcyrus-imap-perl-dbgsym_3.0.8-6+deb10u3_mips64el.deb", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "libcyrus-imap-perl-dbgsym"}, {"packageFilename": "cyrus-imapd_2.5.10-3+deb9u2_armhf.deb", "OSVersion": "9", "arch": "armhf", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-imapd"}, {"OSVersion": "9", "packageFilename": "cyrus-common-dbgsym_2.5.10-3+deb9u2_ppc64el.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "arch": "ppc64el", "operator": "lt", "packageName": "cyrus-common-dbgsym"}, {"packageFilename": "cyrus-nntpd_3.0.8-6+deb10u3_armhf.deb", "arch": "armhf", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-nntpd"}, {"OSVersion": "9", "OS": "Debian", "arch": "amd64", "packageFilename": "cyrus-replication-dbgsym_2.5.10-3+deb9u2_amd64.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-replication-dbgsym"}, {"arch": "mips", "OSVersion": "9", "packageFilename": "cyrus-imapd-dbgsym_2.5.10-3+deb9u2_mips.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-imapd-dbgsym"}, {"packageFilename": "cyrus-common-dbgsym_3.0.8-6+deb10u3_armhf.deb", "arch": "armhf", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-common-dbgsym"}, {"arch": "mips64el", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-nntpd_2.5.10-3+deb9u2_mips64el.deb", "operator": "lt", "packageName": "cyrus-nntpd"}, {"arch": "mips64el", "OSVersion": "9", "packageFilename": "cyrus-clients-dbgsym_2.5.10-3+deb9u2_mips64el.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-clients-dbgsym"}, {"OSVersion": "9", "OS": "Debian", "packageFilename": "cyrus-murder_2.5.10-3+deb9u2_ppc64el.deb", "packageVersion": "2.5.10-3+deb9u2", "arch": "ppc64el", "operator": "lt", "packageName": "cyrus-murder"}, {"operator": "lt", "OSVersion": "9", "OS": "Debian", "arch": "amd64", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-nntpd_2.5.10-3+deb9u2_amd64.deb", "packageName": "cyrus-nntpd"}, {"packageFilename": "cyrus-imapd_3.0.8-6+deb10u3_armhf.deb", "arch": "armhf", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-imapd"}, {"packageFilename": "cyrus-murder-dbgsym_3.0.8-6+deb10u3_mipsel.deb", "arch": "mipsel", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-murder-dbgsym"}, {"arch": "arm64", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-imapd_3.0.8-6+deb10u3_arm64.deb", "operator": "lt", "packageName": "cyrus-imapd"}, {"arch": "s390x", "packageFilename": "cyrus-murder-dbgsym_3.0.8-6+deb10u3_s390x.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-murder-dbgsym"}, {"packageFilename": "cyrus-clients_2.5.10-3+deb9u2_arm64.deb", "OSVersion": "9", "arch": "arm64", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-clients"}, {"arch": "s390x", "packageFilename": "cyrus-nntpd-dbgsym_3.0.8-6+deb10u3_s390x.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-nntpd-dbgsym"}, {"arch": "s390x", "OSVersion": "9", "packageFilename": "cyrus-caldav-dbgsym_2.5.10-3+deb9u2_s390x.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-caldav-dbgsym"}, {"packageFilename": "cyrus-pop3d-dbgsym_3.0.8-6+deb10u3_armhf.deb", "arch": "armhf", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-pop3d-dbgsym"}, {"OSVersion": "9", "arch": "mipsel", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-caldav-dbgsym_2.5.10-3+deb9u2_mipsel.deb", "operator": "lt", "packageName": "cyrus-caldav-dbgsym"}, {"OSVersion": "9", "arch": "i386", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-replication_2.5.10-3+deb9u2_i386.deb", "operator": "lt", "packageName": "cyrus-replication"}, {"OSVersion": "10", "packageFilename": "cyrus-murder-dbgsym_3.0.8-6+deb10u3_amd64.deb", "OS": "Debian", "arch": "amd64", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-murder-dbgsym"}, {"packageFilename": "libcyrus-imap-perl-dbgsym_3.0.8-6+deb10u3_armhf.deb", "arch": "armhf", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "libcyrus-imap-perl-dbgsym"}, {"packageFilename": "cyrus-murder_2.5.10-3+deb9u2_arm64.deb", "OSVersion": "9", "arch": "arm64", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-murder"}, {"OSVersion": "9", "packageFilename": "cyrus-imapd-dbgsym_2.5.10-3+deb9u2_arm64.deb", "arch": "arm64", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-imapd-dbgsym"}, {"OSVersion": "9", "arch": "mipsel", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-murder_2.5.10-3+deb9u2_mipsel.deb", "operator": "lt", "packageName": "cyrus-murder"}, {"packageFilename": "cyrus-replication_3.0.8-6+deb10u3_armhf.deb", "arch": "armhf", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-replication"}, {"arch": "s390x", "packageFilename": "cyrus-nntpd_3.0.8-6+deb10u3_s390x.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-nntpd"}, {"OSVersion": "9", "OS": "Debian", "arch": "amd64", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageFilename": "cyrus-nntpd-dbgsym_2.5.10-3+deb9u2_amd64.deb", "packageName": "cyrus-nntpd-dbgsym"}, {"OSVersion": "9", "arch": "arm64", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "libcyrus-imap-perl_2.5.10-3+deb9u2_arm64.deb", "operator": "lt", "packageName": "libcyrus-imap-perl"}, {"arch": "mipsel", "packageFilename": "cyrus-dev_3.0.8-6+deb10u3_mipsel.deb", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-dev"}, {"arch": "i386", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-imapd-dbgsym_3.0.8-6+deb10u3_i386.deb", "operator": "lt", "packageName": "cyrus-imapd-dbgsym"}, {"arch": "arm64", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-clients_3.0.8-6+deb10u3_arm64.deb", "operator": "lt", "packageName": "cyrus-clients"}, {"arch": "mips64el", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-pop3d-dbgsym_3.0.8-6+deb10u3_mips64el.deb", "operator": "lt", "packageName": "cyrus-pop3d-dbgsym"}, {"arch": "armel", "OSVersion": "9", "OS": "Debian", "packageFilename": "cyrus-caldav-dbgsym_2.5.10-3+deb9u2_armel.deb", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-caldav-dbgsym"}, {"packageFilename": "cyrus-caldav_3.0.8-6+deb10u3_i386.deb", "arch": "i386", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-caldav"}, {"arch": "mips64el", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-common_3.0.8-6+deb10u3_mips64el.deb", "operator": "lt", "packageName": "cyrus-common"}, {"arch": "s390x", "packageFilename": "libcyrus-imap-perl-dbgsym_2.5.10-3+deb9u2_s390x.deb", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "libcyrus-imap-perl-dbgsym"}, {"arch": "mips64el", "OSVersion": "9", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-caldav_2.5.10-3+deb9u2_mips64el.deb", "operator": "lt", "packageName": "cyrus-caldav"}, {"OSVersion": "9", "OS": "Debian", "arch": "amd64", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageFilename": "cyrus-common_2.5.10-3+deb9u2_amd64.deb", "packageName": "cyrus-common"}, {"OSVersion": "9", "OS": "Debian", "arch": "amd64", "packageVersion": "2.5.10-3+deb9u2", "packageFilename": "cyrus-caldav_2.5.10-3+deb9u2_amd64.deb", "operator": "lt", "packageName": "cyrus-caldav"}, {"OSVersion": "10", "packageFilename": "cyrus-clients-dbgsym_3.0.8-6+deb10u3_ppc64el.deb", "OS": "Debian", "arch": "ppc64el", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageName": "cyrus-clients-dbgsym"}, {"arch": "s390x", "OSVersion": "9", "packageFilename": "cyrus-murder_2.5.10-3+deb9u2_s390x.deb", "OS": "Debian", "packageVersion": "2.5.10-3+deb9u2", "operator": "lt", "packageName": "cyrus-murder"}, {"arch": "armhf", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "packageFilename": "cyrus-caldav_3.0.8-6+deb10u3_armhf.deb", "operator": "lt", "packageName": "cyrus-caldav"}, {"arch": "mips64el", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageFilename": "cyrus-caldav-dbgsym_3.0.8-6+deb10u3_mips64el.deb", "packageName": "cyrus-caldav-dbgsym"}, {"arch": "mips64el", "OSVersion": "10", "OS": "Debian", "packageVersion": "3.0.8-6+deb10u3", "operator": "lt", "packageFilename": "cyrus-imapd_3.0.8-6+deb10u3_mips64el.deb", "packageName": "cyrus-imapd"}], "_state": {"dependencies": 1645765444}}

{"debiancve": [{"lastseen": "2022-05-11T07:35:06", "description": "An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-16T14:15:00", "type": "debiancve", "title": "CVE-2019-19783", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19783"], "modified": "2019-12-16T14:15:00", "id": "DEBIANCVE:CVE-2019-19783", "href": "https://security-tracker.debian.org/tracker/CVE-2019-19783", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "redhatcve": [{"lastseen": "2021-09-02T22:37:46", "description": "An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c.\n#### Mitigation\n\nThis flaw can be mitigated by: \n1\\. In cyrus-imapd >= 2.5 disable anysievefolder (it is disabled by default) \n2\\. In cyrus-imapd >=3.0 disable sieve_extensions \n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-12-27T18:08:53", "type": "redhatcve", "title": "CVE-2019-19783", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19783"], "modified": "2020-11-04T13:40:19", "id": "RH:CVE-2019-19783", "href": "https://access.redhat.com/security/cve/cve-2019-19783", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Updated cyrus-imapd packages fix security vulnerability: It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the \"fileinto\" was used, bypassing ACL checks (CVE-2019-19783). \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-05T15:37:51", "type": "mageia", "title": "Updated cyrus-imapd packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19783"], "modified": "2020-01-05T15:37:51", "id": "MGASA-2020-0010", "href": "https://advisories.mageia.org/MGASA-2020-0010.html", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2020-01-08T13:03:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-12-21T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4590-1 (cyrus-imapd - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19783"], "modified": "2020-01-06T00:00:00", "id": "OPENVAS:1361412562310704590", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704590", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704590\");\n script_version(\"2020-01-06T10:43:33+0000\");\n script_cve_id(\"CVE-2019-19783\");\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-06 10:43:33 +0000 (Mon, 06 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-12-21 03:00:07 +0000 (Sat, 21 Dec 2019)\");\n script_name(\"Debian Security Advisory DSA 4590-1 (cyrus-imapd - security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|10)\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4590.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4590-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cyrus-imapd'\n package(s) announced via the DSA-4590-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that the lmtpd component of the Cyrus IMAP server\ncreated mailboxes with administrator privileges if the fileinto\nwas\nused, bypassing ACL checks.\");\n\n script_tag(name:\"affected\", value:\"'cyrus-imapd' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the oldstable distribution (stretch), this problem has been fixed\nin version 2.5.10-3+deb9u2.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 3.0.8-6+deb10u3.\n\nWe recommend that you upgrade your cyrus-imapd packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"cyrus-admin\", ver:\"2.5.10-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"cyrus-caldav\", ver:\"2.5.10-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"cyrus-clients\", ver:\"2.5.10-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"cyrus-common\", ver:\"2.5.10-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"cyrus-dev\", ver:\"2.5.10-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"cyrus-doc\", ver:\"2.5.10-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"cyrus-imapd\", ver:\"2.5.10-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"cyrus-murder\", ver:\"2.5.10-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"cyrus-nntpd\", ver:\"2.5.10-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"cyrus-pop3d\", ver:\"2.5.10-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"cyrus-replication\", ver:\"2.5.10-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcyrus-imap-perl\", ver:\"2.5.10-3+deb9u2\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"cyrus-admin\", ver:\"3.0.8-6+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"cyrus-caldav\", ver:\"3.0.8-6+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"cyrus-clients\", ver:\"3.0.8-6+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"cyrus-common\", ver:\"3.0.8-6+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"cyrus-dev\", ver:\"3.0.8-6+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"cyrus-doc\", ver:\"3.0.8-6+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"cyrus-imapd\", ver:\"3.0.8-6+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"cyrus-murder\", ver:\"3.0.8-6+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"cyrus-nntpd\", ver:\"3.0.8-6+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"cyrus-pop3d\", ver:\"3.0.8-6+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"cyrus-replication\", ver:\"3.0.8-6+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcyrus-imap-perl\", ver:\"3.0.8-6+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2020-01-02T15:11:36", "description": "Cyrus IMAP is prone to an ACL bypass vulnerability.", "cvss3": {}, "published": "2019-12-18T00:00:00", "type": "openvas", "title": "Cyrus IMAP 2.5.x < 2.5.15, 3.0.x < 3.0.13 ACL Bypass Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19783"], "modified": "2019-12-31T00:00:00", "id": "OPENVAS:1361412562310143263", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310143263", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = 'cpe:/a:cyrus:imap';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.143263\");\n script_version(\"2019-12-31T10:02:33+0000\");\n script_tag(name:\"last_modification\", value:\"2019-12-31 10:02:33 +0000 (Tue, 31 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-12-18 03:51:27 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_cve_id(\"CVE-2019-19783\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Cyrus IMAP 2.5.x < 2.5.15, 3.0.x < 3.0.13 ACL Bypass Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_cyrus_imap_server_detect.nasl\");\n script_mandatory_keys(\"cyrus/imap_server/detected\");\n\n script_tag(name:\"summary\", value:\"Cyrus IMAP is prone to an ACL bypass vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"If sieve script uploading is allowed (3.x) or certain non-default sieve\n options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a\n fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in\n autosieve_createfolder() in imap/lmtp_sieve.c.\");\n\n script_tag(name:\"affected\", value:\"Cyrus IMAP versions 2.5.0 - 2.5.14 and 3.0.0 - 3.0.12.\");\n\n script_tag(name:\"solution\", value:\"Update to version 2.5.15, 3.0.13 or later.\");\n\n script_xref(name:\"URL\", value:\"https://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.15.html\");\n script_xref(name:\"URL\", value:\"https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!version = get_app_version(cpe: CPE, nofork: TRUE))\n exit(0);\n\nif (version_in_range(version: version, test_version: \"2.5\", test_version2: \"2.5.14\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.5.15\");\n security_message(port: 0, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"3.0\", test_version2: \"3.0.12\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"3.0.13\");\n security_message(port: 0, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2020-01-14T14:48:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "openvas", "title": "Fedora Update for cyrus-imapd FEDORA-2019-ad23a4522d", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18928", "CVE-2019-19783"], "modified": "2020-01-13T00:00:00", "id": "OPENVAS:1361412562310877143", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877143", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877143\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2019-19783\", \"CVE-2019-18928\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 07:28:30 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"Fedora Update for cyrus-imapd FEDORA-2019-ad23a4522d\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2019-ad23a4522d\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IGOO5UGEBBDPN7B2YXLK7I7L3Y35EBA\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cyrus-imapd'\n package(s) announced via the FEDORA-2019-ad23a4522d advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Cyrus IMAP (Internet Message Access Protocol) server provides access to\npersonal mail, system-wide bulletin boards, news-feeds, calendar and contacts\nthrough the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP\nserver is a scalable enterprise groupware system designed for use from small to\nlarge enterprise environments using technologies based on well-established Open\nStandards.\n\nA full Cyrus IMAP implementation allows a seamless mail and bulletin board\nenvironment to be set up across one or more nodes. It differs from other IMAP\nserver implementations in that it is run on sealed nodes, where users are not\nnormally permitted to log in. The mailbox database is stored in parts of the\nfilesystem that are private to the Cyrus IMAP system. All user access to mail\nis through software using the IMAP, IMAPS, JMAP, POP3, POP3S, KPOP, CalDAV\nand/or CardDAV protocols.\n\nThe private mailbox database design gives the Cyrus IMAP server large\nadvantages in efficiency, scalability, and administratability. Multiple\nconcurrent read/write connections to the same mailbox are permitted. The server\nsupports access control lists on mailboxes and storage quotas on mailbox\nhierarchies.\");\n\n script_tag(name:\"affected\", value:\"'cyrus-imapd' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"cyrus-imapd\", rpm:\"cyrus-imapd~3.0.13~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-14T14:48:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-08T00:00:00", "type": "openvas", "title": "Fedora Update for cyrus-imapd FEDORA-2019-7938c21723", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18928", "CVE-2019-19783"], "modified": "2020-01-13T00:00:00", "id": "OPENVAS:1361412562310877106", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877106", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877106\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2019-19783\", \"CVE-2019-18928\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-08 11:21:33 +0000 (Wed, 08 Jan 2020)\");\n script_name(\"Fedora Update for cyrus-imapd FEDORA-2019-7938c21723\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-7938c21723\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIV4HQ6LG5GPRO4B5Z2NHCZUPBUVVVF\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cyrus-imapd'\n package(s) announced via the FEDORA-2019-7938c21723 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Cyrus IMAP (Internet Message Access Protocol) server provides access to\npersonal mail, system-wide bulletin boards, news-feeds, calendar and contacts\nthrough the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP\nserver is a scalable enterprise groupware system designed for use from small to\nlarge enterprise environments using technologies based on well-established Open\nStandards.\n\nA full Cyrus IMAP implementation allows a seamless mail and bulletin board\nenvironment to be set up across one or more nodes. It differs from other IMAP\nserver implementations in that it is run on sealed nodes, where users are not\nnormally permitted to log in. The mailbox database is stored in parts of the\nfilesystem that are private to the Cyrus IMAP system. All user access to mail\nis through software using the IMAP, IMAPS, JMAP, POP3, POP3S, KPOP, CalDAV\nand/or CardDAV protocols.\n\nThe private mailbox database design gives the Cyrus IMAP server large\nadvantages in efficiency, scalability, and administratability. Multiple\nconcurrent read/write connections to the same mailbox are permitted. The server\nsupports access control lists on mailboxes and storage quotas on mailbox\nhierarchies.\");\n\n script_tag(name:\"affected\", value:\"'cyrus-imapd' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"cyrus-imapd\", rpm:\"cyrus-imapd~3.0.13~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-10-16T12:25:26", "description": "The remote host is affected by the vulnerability described in GLSA-202006-23 (Cyrus IMAP Server: Access restriction bypass)\n\n An issue was discovered in Cyrus IMAP Server where sieve script uploading is excessively trusted.\n Impact :\n\n A user can use a sieve script to create any mailbox with administrator privileges.\n Workaround :\n\n Disable sieve script uploading until the upgrade is complete.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-06-17T00:00:00", "type": "nessus", "title": "GLSA-202006-23 : Cyrus IMAP Server: Access restriction bypass", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19783"], "modified": "2020-06-22T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:cyrus-imapd", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202006-23.NASL", "href": "https://www.tenable.com/plugins/nessus/137460", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202006-23.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137460);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/22\");\n\n script_cve_id(\"CVE-2019-19783\");\n script_xref(name:\"GLSA\", value:\"202006-23\");\n\n script_name(english:\"GLSA-202006-23 : Cyrus IMAP Server: Access restriction bypass\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202006-23\n(Cyrus IMAP Server: Access restriction bypass)\n\n An issue was discovered in Cyrus IMAP Server where sieve script\n uploading is excessively trusted.\n \nImpact :\n\n A user can use a sieve script to create any mailbox with administrator\n privileges.\n \nWorkaround :\n\n Disable sieve script uploading until the upgrade is complete.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202006-23\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Cyrus IMAP Server users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-mail/cyrus-imapd-3.0.13'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:cyrus-imapd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-mail/cyrus-imapd\", unaffected:make_list(\"ge 3.0.13\"), vulnerable:make_list(\"lt 3.0.13\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Cyrus IMAP Server\");\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-10-16T00:19:20", "description": "Update to new upstream version 3.0.13, which includes a fix for CVE-2019-19783 and other minor fixes. Release notes:\nhttps://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.htm l\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-01-06T00:00:00", "type": "nessus", "title": "Fedora 31 : cyrus-imapd (2019-ad23a4522d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19783"], "modified": "2020-01-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:cyrus-imapd", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2019-AD23A4522D.NASL", "href": "https://www.tenable.com/plugins/nessus/132656", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-ad23a4522d.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132656);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/08\");\n\n script_cve_id(\"CVE-2019-19783\");\n script_xref(name:\"FEDORA\", value:\"2019-ad23a4522d\");\n\n script_name(english:\"Fedora 31 : cyrus-imapd (2019-ad23a4522d)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to new upstream version 3.0.13, which includes a fix for\nCVE-2019-19783 and other minor fixes. Release notes:\nhttps://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.htm\nl\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-ad23a4522d\"\n );\n # https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c4e167ad\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cyrus-imapd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cyrus-imapd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"cyrus-imapd-3.0.13-1.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cyrus-imapd\");\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-10-16T00:19:02", "description": "Update to new upstream version 3.0.13, which includes a fix for CVE-2019-19783 and other minor fixes. Release notes:\nhttps://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.htm l\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-01-06T00:00:00", "type": "nessus", "title": "Fedora 30 : cyrus-imapd (2019-7938c21723)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19783"], "modified": "2020-01-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:cyrus-imapd", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-7938C21723.NASL", "href": "https://www.tenable.com/plugins/nessus/132650", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-7938c21723.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132650);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/08\");\n\n script_cve_id(\"CVE-2019-19783\");\n script_xref(name:\"FEDORA\", value:\"2019-7938c21723\");\n\n script_name(english:\"Fedora 30 : cyrus-imapd (2019-7938c21723)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to new upstream version 3.0.13, which includes a fix for\nCVE-2019-19783 and other minor fixes. Release notes:\nhttps://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.htm\nl\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-7938c21723\"\n );\n # https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c4e167ad\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cyrus-imapd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cyrus-imapd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"cyrus-imapd-3.0.13-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cyrus-imapd\");\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-10-16T00:20:09", "description": "It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the 'fileinto' was used, bypassing ACL checks.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-12-20T00:00:00", "type": "nessus", "title": "Debian DSA-4590-1 : cyrus-imapd - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19783"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:cyrus-imapd", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4590.NASL", "href": "https://www.tenable.com/plugins/nessus/132326", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4590. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132326);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2019-19783\");\n script_xref(name:\"DSA\", value:\"4590\");\n\n script_name(english:\"Debian DSA-4590-1 : cyrus-imapd - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the lmtpd component of the Cyrus IMAP server\ncreated mailboxes with administrator privileges if the 'fileinto' was\nused, bypassing ACL checks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/cyrus-imapd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/cyrus-imapd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/cyrus-imapd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4590\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the cyrus-imapd packages.\n\nFor the oldstable distribution (stretch), this problem has been fixed\nin version 2.5.10-3+deb9u2.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 3.0.8-6+deb10u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19783\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cyrus-imapd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"cyrus-admin\", reference:\"3.0.8-6+deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cyrus-caldav\", reference:\"3.0.8-6+deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cyrus-clients\", reference:\"3.0.8-6+deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cyrus-common\", reference:\"3.0.8-6+deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cyrus-dev\", reference:\"3.0.8-6+deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cyrus-doc\", reference:\"3.0.8-6+deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cyrus-imapd\", reference:\"3.0.8-6+deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cyrus-murder\", reference:\"3.0.8-6+deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cyrus-nntpd\", reference:\"3.0.8-6+deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cyrus-pop3d\", reference:\"3.0.8-6+deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"cyrus-replication\", reference:\"3.0.8-6+deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"libcyrus-imap-perl\", reference:\"3.0.8-6+deb10u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"cyrus-admin\", reference:\"2.5.10-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"cyrus-caldav\", reference:\"2.5.10-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"cyrus-clients\", reference:\"2.5.10-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"cyrus-common\", reference:\"2.5.10-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"cyrus-dev\", reference:\"2.5.10-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"cyrus-doc\", reference:\"2.5.10-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"cyrus-imapd\", reference:\"2.5.10-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"cyrus-murder\", reference:\"2.5.10-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"cyrus-nntpd\", reference:\"2.5.10-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"cyrus-pop3d\", reference:\"2.5.10-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"cyrus-replication\", reference:\"2.5.10-3+deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcyrus-imap-perl\", reference:\"2.5.10-3+deb9u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:06:27", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4655 advisory.\n\n - cyrus-imapd: privilege escalation in HTTP request (CVE-2019-18928)\n\n - cyrus-imapd: lmtpd component created mailboxes with administrator privileges if the fileinto was used, bypassing ACL checks (CVE-2019-19783)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : cyrus-imapd (CESA-2020:4655)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18928", "CVE-2019-19783"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:cyrus-imapd", "p-cpe:/a:centos:centos:cyrus-imapd-utils", "p-cpe:/a:centos:centos:cyrus-imapd-vzic"], "id": "CENTOS8_RHSA-2020-4655.NASL", "href": "https://www.tenable.com/plugins/nessus/145926", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:4655. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145926);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\"CVE-2019-18928\", \"CVE-2019-19783\");\n script_xref(name:\"RHSA\", value:\"2020:4655\");\n\n script_name(english:\"CentOS 8 : cyrus-imapd (CESA-2020:4655)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:4655 advisory.\n\n - cyrus-imapd: privilege escalation in HTTP request (CVE-2019-18928)\n\n - cyrus-imapd: lmtpd component created mailboxes with administrator privileges if the fileinto was used,\n bypassing ACL checks (CVE-2019-19783)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4655\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cyrus-imapd, cyrus-imapd-utils and / or cyrus-imapd-vzic packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-18928\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cyrus-imapd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cyrus-imapd-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cyrus-imapd-vzic\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'cyrus-imapd-3.0.7-19.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cyrus-imapd-3.0.7-19.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cyrus-imapd-utils-3.0.7-19.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cyrus-imapd-utils-3.0.7-19.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cyrus-imapd-vzic-3.0.7-19.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cyrus-imapd-vzic-3.0.7-19.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cyrus-imapd / cyrus-imapd-utils / cyrus-imapd-vzic');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T00:49:19", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4655 advisory.\n\n - An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c. (CVE-2019-19783)\n\n - Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection. (CVE-2019-18928)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : cyrus-imapd (ELSA-2020-4655)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18928", "CVE-2019-19783"], "modified": "2020-11-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:cyrus-imapd", "p-cpe:/a:oracle:linux:cyrus-imapd-utils", "p-cpe:/a:oracle:linux:cyrus-imapd-vzic"], "id": "ORACLELINUX_ELSA-2020-4655.NASL", "href": "https://www.tenable.com/plugins/nessus/142756", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-4655.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142756);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/13\");\n\n script_cve_id(\"CVE-2019-18928\", \"CVE-2019-19783\");\n\n script_name(english:\"Oracle Linux 8 : cyrus-imapd (ELSA-2020-4655)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-4655 advisory.\n\n - An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If\n sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user\n with a mail account on the service can use a sieve script containing a fileinto directive to create any\n mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in\n imap/lmtp_sieve.c. (CVE-2019-19783)\n\n - Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request\n may be interpreted in the authentication context of an unrelated previous request that arrived over the\n same connection. (CVE-2019-18928)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-4655.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cyrus-imapd, cyrus-imapd-utils and / or cyrus-imapd-vzic packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-18928\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cyrus-imapd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cyrus-imapd-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cyrus-imapd-vzic\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'cyrus-imapd-3.0.7-19.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'cyrus-imapd-3.0.7-19.el8', 'cpu':'i686', 'release':'8'},\n {'reference':'cyrus-imapd-3.0.7-19.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'cyrus-imapd-utils-3.0.7-19.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'cyrus-imapd-utils-3.0.7-19.el8', 'cpu':'x86_64', 'release':'8'},\n {'reference':'cyrus-imapd-vzic-3.0.7-19.el8', 'cpu':'aarch64', 'release':'8'},\n {'reference':'cyrus-imapd-vzic-3.0.7-19.el8', 'cpu':'x86_64', 'release':'8'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cyrus-imapd / cyrus-imapd-utils / cyrus-imapd-vzic');\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-18T17:29:20", "description": "The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4566-1 advisory.\n\n - The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. (CVE-2019-11356)\n\n - An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c. (CVE-2019-19783)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-10-05T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : Cyrus IMAP Server vulnerabilities (USN-4566-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-11356", "CVE-2019-19783"], "modified": "2020-11-24T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:cyrus-admin", "p-cpe:/a:canonical:ubuntu_linux:cyrus-caldav", "p-cpe:/a:canonical:ubuntu_linux:cyrus-clients", "p-cpe:/a:canonical:ubuntu_linux:cyrus-common", "p-cpe:/a:canonical:ubuntu_linux:cyrus-dev", "p-cpe:/a:canonical:ubuntu_linux:cyrus-imapd", "p-cpe:/a:canonical:ubuntu_linux:cyrus-murder", "p-cpe:/a:canonical:ubuntu_linux:cyrus-nntpd", "p-cpe:/a:canonical:ubuntu_linux:cyrus-pop3d", "p-cpe:/a:canonical:ubuntu_linux:cyrus-replication", "p-cpe:/a:canonical:ubuntu_linux:libcyrus-imap-perl"], "id": "UBUNTU_USN-4566-1.NASL", "href": "https://www.tenable.com/plugins/nessus/141178", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4566-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141178);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/24\");\n\n script_cve_id(\"CVE-2019-11356\", \"CVE-2019-19783\");\n script_xref(name:\"USN\", value:\"4566-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : Cyrus IMAP Server vulnerabilities (USN-4566-1)\");\n script_summary(english:\"Checks the dpkg output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-4566-1 advisory.\n\n - The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote\n attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar\n property name. (CVE-2019-11356)\n\n - An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If\n sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user\n with a mail account on the service can use a sieve script containing a fileinto directive to create any\n mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in\n imap/lmtp_sieve.c. (CVE-2019-19783)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4566-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11356\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cyrus-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cyrus-caldav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cyrus-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cyrus-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cyrus-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cyrus-imapd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cyrus-murder\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cyrus-nntpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cyrus-pop3d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:cyrus-replication\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcyrus-imap-perl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '18.04', 'pkgname': 'cyrus-admin', 'pkgver': '2.5.10-3ubuntu1.1'},\n {'osver': '18.04', 'pkgname': 'cyrus-caldav', 'pkgver': '2.5.10-3ubuntu1.1'},\n {'osver': '18.04', 'pkgname': 'cyrus-clients', 'pkgver': '2.5.10-3ubuntu1.1'},\n {'osver': '18.04', 'pkgname': 'cyrus-common', 'pkgver': '2.5.10-3ubuntu1.1'},\n {'osver': '18.04', 'pkgname': 'cyrus-dev', 'pkgver': '2.5.10-3ubuntu1.1'},\n {'osver': '18.04', 'pkgname': 'cyrus-imapd', 'pkgver': '2.5.10-3ubuntu1.1'},\n {'osver': '18.04', 'pkgname': 'cyrus-murder', 'pkgver': '2.5.10-3ubuntu1.1'},\n {'osver': '18.04', 'pkgname': 'cyrus-nntpd', 'pkgver': '2.5.10-3ubuntu1.1'},\n {'osver': '18.04', 'pkgname': 'cyrus-pop3d', 'pkgver': '2.5.10-3ubuntu1.1'},\n {'osver': '18.04', 'pkgname': 'cyrus-replication', 'pkgver': '2.5.10-3ubuntu1.1'},\n {'osver': '18.04', 'pkgname': 'libcyrus-imap-perl', 'pkgver': '2.5.10-3ubuntu1.1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cyrus-admin / cyrus-caldav / cyrus-clients / cyrus-common / cyrus-dev / etc');\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T00:52:17", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4655 advisory.\n\n - cyrus-imapd: privilege escalation in HTTP request (CVE-2019-18928)\n\n - cyrus-imapd: lmtpd component created mailboxes with administrator privileges if the fileinto was used, bypassing ACL checks (CVE-2019-19783)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-04T00:00:00", "type": "nessus", "title": "RHEL 8 : cyrus-imapd (RHSA-2020:4655)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18928", "CVE-2019-19783"], "modified": "2021-10-12T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:cyrus-imapd", "p-cpe:/a:redhat:enterprise_linux:cyrus-imapd-utils", "p-cpe:/a:redhat:enterprise_linux:cyrus-imapd-vzic"], "id": "REDHAT-RHSA-2020-4655.NASL", "href": "https://www.tenable.com/plugins/nessus/142383", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4655. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142383);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\"CVE-2019-18928\", \"CVE-2019-19783\");\n script_xref(name:\"RHSA\", value:\"2020:4655\");\n\n script_name(english:\"RHEL 8 : cyrus-imapd (RHSA-2020:4655)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:4655 advisory.\n\n - cyrus-imapd: privilege escalation in HTTP request (CVE-2019-18928)\n\n - cyrus-imapd: lmtpd component created mailboxes with administrator privileges if the fileinto was used,\n bypassing ACL checks (CVE-2019-19783)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/287.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-19783\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1775177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1786756\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cyrus-imapd, cyrus-imapd-utils and / or cyrus-imapd-vzic packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-18928\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(287);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cyrus-imapd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cyrus-imapd-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cyrus-imapd-vzic\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 'enterprise_linux_8_highavailability': [\n 'rhel-8-for-aarch64-highavailability-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-rpms',\n 'rhel-8-for-aarch64-highavailability-source-rpms',\n 'rhel-8-for-s390x-highavailability-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-rpms',\n 'rhel-8-for-s390x-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-rpms',\n 'rhel-8-for-x86_64-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'enterprise_linux_8_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-rpms',\n 'rhel-8-for-s390x-resilientstorage-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-rpms',\n 'rhel-8-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_8_sap': [\n 'rhel-8-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-rpms',\n 'rhel-8-for-s390x-sap-netweaver-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_8_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-rpms',\n 'rhel-8-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_8_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-rpms',\n 'rhel-8-for-aarch64-supplementary-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-rpms',\n 'rhel-8-for-s390x-supplementary-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-rpms',\n 'rhel-8-for-x86_64-supplementary-source-rpms'\n ],\n 'rhel_aus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_aus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap': [\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_e4s_8_4_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ],\n 'rhel_eus_8_4_baseos': [\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms',\n 'rhel-8-for-aarch64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-rpms',\n 'rhel-8-for-aarch64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms',\n 'rhel-8-for-aarch64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms',\n 'rhel-8-for-s390x-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-rpms',\n 'rhel-8-for-s390x-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-baseos-eus-source-rpms',\n 'rhel-8-for-s390x-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-aus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-aus-rpms',\n 'rhel-8-for-x86_64-baseos-aus-source-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-debug-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-rpms',\n 'rhel-8-for-x86_64-baseos-e4s-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-rpms',\n 'rhel-8-for-x86_64-baseos-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms',\n 'rhel-8-for-x86_64-baseos-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms'\n ],\n 'rhel_eus_8_4_crb': [\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms__8_DOT_4',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_highavailability': [\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'rhel_eus_8_4_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap': [\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_eus_8_4_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms__8_DOT_4'\n ],\n 'rhel_extras_nfv_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'rhel_extras_rt_8': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'rhel_tus_8_4_appstream': [\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_baseos': [\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms',\n 'rhel-8-for-x86_64-baseos-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-rpms',\n 'rhel-8-for-x86_64-baseos-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms',\n 'rhel-8-for-x86_64-baseos-tus-source-rpms__8_DOT_4'\n ],\n 'rhel_tus_8_4_highavailability': [\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms__8_DOT_4',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms__8_DOT_4'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nvar enterprise_linux_flag = rhel_repo_sets_has_enterprise_linux(repo_sets:repo_sets);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'cyrus-imapd-3.0.7-19.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'cyrus-imapd-3.0.7-19.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'cyrus-imapd-3.0.7-19.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'cyrus-imapd-3.0.7-19.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'cyrus-imapd-utils-3.0.7-19.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'cyrus-imapd-utils-3.0.7-19.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'cyrus-imapd-utils-3.0.7-19.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'cyrus-imapd-vzic-3.0.7-19.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'cyrus-imapd-vzic-3.0.7-19.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']},\n {'reference':'cyrus-imapd-vzic-3.0.7-19.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary', 'rhel_aus_8_4_appstream', 'rhel_aus_8_4_baseos', 'rhel_e4s_8_4_appstream', 'rhel_e4s_8_4_baseos', 'rhel_e4s_8_4_highavailability', 'rhel_e4s_8_4_sap', 'rhel_e4s_8_4_sap_hana', 'rhel_eus_8_4_appstream', 'rhel_eus_8_4_baseos', 'rhel_eus_8_4_crb', 'rhel_eus_8_4_highavailability', 'rhel_eus_8_4_resilientstorage', 'rhel_eus_8_4_sap', 'rhel_eus_8_4_sap_hana', 'rhel_eus_8_4_supplementary', 'rhel_extras_nfv_8', 'rhel_extras_rt_8', 'rhel_tus_8_4_appstream', 'rhel_tus_8_4_baseos', 'rhel_tus_8_4_highavailability']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cyrus-imapd / cyrus-imapd-utils / cyrus-imapd-vzic');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:05:54", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has cyrus-imapd packages installed that are affected by multiple vulnerabilities:\n\n - Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection. (CVE-2019-18928)\n\n - An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c. (CVE-2019-19783)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : cyrus-imapd Multiple Vulnerabilities (NS-SA-2021-0086)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18928", "CVE-2019-19783"], "modified": "2021-03-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0086_CYRUS-IMAPD.NASL", "href": "https://www.tenable.com/plugins/nessus/147242", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0086. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147242);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2019-18928\", \"CVE-2019-19783\");\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : cyrus-imapd Multiple Vulnerabilities (NS-SA-2021-0086)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has cyrus-imapd packages installed that are affected by\nmultiple vulnerabilities:\n\n - Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request\n may be interpreted in the authentication context of an unrelated previous request that arrived over the\n same connection. (CVE-2019-18928)\n\n - An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If\n sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user\n with a mail account on the service can use a sieve script containing a fileinto directive to create any\n mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in\n imap/lmtp_sieve.c. (CVE-2019-19783)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0086\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL cyrus-imapd packages. Note that updated packages may not be available yet. Please contact\nZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-18928\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL MAIN 6.02': [\n 'cyrus-imapd-3.0.7-19.el8',\n 'cyrus-imapd-debuginfo-3.0.7-19.el8',\n 'cyrus-imapd-debugsource-3.0.7-19.el8',\n 'cyrus-imapd-devel-3.0.7-19.el8',\n 'cyrus-imapd-utils-3.0.7-19.el8',\n 'cyrus-imapd-utils-debuginfo-3.0.7-19.el8',\n 'cyrus-imapd-vzic-3.0.7-19.el8',\n 'cyrus-imapd-vzic-debuginfo-3.0.7-19.el8'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cyrus-imapd');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:28:13", "description": "An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13,\nand 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or\ncertain non-default sieve options are enabled (2.x), a user with a mail\naccount on the service can use a sieve script containing a fileinto\ndirective to create any mailbox with administrator privileges, because of\nfolder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-12-16T00:00:00", "type": "ubuntucve", "title": "CVE-2019-19783", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19783"], "modified": "2019-12-16T00:00:00", "id": "UB:CVE-2019-19783", "href": "https://ubuntu.com/security/CVE-2019-19783", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "gentoo": [{"lastseen": "2022-01-17T19:01:55", "description": "### Background\n\nThe Cyrus IMAP Server is an efficient, highly-scalable IMAP e-mail server. \n\n### Description\n\nAn issue was discovered in Cyrus IMAP Server where sieve script uploading is excessively trusted. \n\n### Impact\n\nA user can use a sieve script to create any mailbox with administrator privileges. \n\n### Workaround\n\nDisable sieve script uploading until the upgrade is complete.\n\n### Resolution\n\nAll Cyrus IMAP Server users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-mail/cyrus-imapd-3.0.13\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-15T00:00:00", "type": "gentoo", "title": "Cyrus IMAP Server: Access restriction bypass", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19783"], "modified": "2020-06-15T00:00:00", "id": "GLSA-202006-23", "href": "https://security.gentoo.org/glsa/202006-23", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-05-03T18:32:06", "description": "An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-16T14:15:00", "type": "cve", "title": "CVE-2019-19783", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19783"], "modified": "2022-05-03T14:27:00", "cpe": ["cpe:/o:debian:debian_linux:9.0", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:fedoraproject:fedora:31", "cpe:/o:fedoraproject:fedora:30"], "id": "CVE-2019-19783", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19783", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2021-07-28T14:46:51", "description": "The Cyrus IMAP (Internet Message Access Protocol) server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contac ts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP server is a scalable enterprise groupware system designed for use from smal l to large enterprise environments using technologies based on well-established Open Standards. A full Cyrus IMAP implementation allows a seamless mail and bulletin board environment to be set up across one or more nodes. It differs from other IM AP server implementations in that it is run on sealed nodes, where users are n ot normally permitted to log in. The mailbox database is stored in parts of the filesystem that are private to the Cyrus IMAP system. All user access to ma il is through software using the IMAP, IMAPS, JMAP, POP3, POP3S, KPOP, CalDAV and/or CardDAV protocols. The private mailbox database design gives the Cyrus IMAP server large advantages in efficiency, scalability, and administratability. Multiple concurrent read/write connections to the same mailbox are permitted. The se rver supports access control lists on mailboxes and storage quotas on mailbox hierarchies. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-01-04T22:16:34", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: cyrus-imapd-3.0.13-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18928", "CVE-2019-19783"], "modified": "2020-01-04T22:16:34", "id": "FEDORA:620DF6047311", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "The Cyrus IMAP (Internet Message Access Protocol) server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contac ts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP server is a scalable enterprise groupware system designed for use from smal l to large enterprise environments using technologies based on well-established Open Standards. A full Cyrus IMAP implementation allows a seamless mail and bulletin board environment to be set up across one or more nodes. It differs from other IM AP server implementations in that it is run on sealed nodes, where users are n ot normally permitted to log in. The mailbox database is stored in parts of the filesystem that are private to the Cyrus IMAP system. All user access to ma il is through software using the IMAP, IMAPS, JMAP, POP3, POP3S, KPOP, CalDAV and/or CardDAV protocols. The private mailbox database design gives the Cyrus IMAP server large advantages in efficiency, scalability, and administratability. Multiple concurrent read/write connections to the same mailbox are permitted. The se rver supports access control lists on mailboxes and storage quotas on mailbox hierarchies. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-01-05T00:42:32", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: cyrus-imapd-3.0.13-1.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18928", "CVE-2019-19783"], "modified": "2020-01-05T00:42:32", "id": "FEDORA:340B3606D25C", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2021-10-19T20:35:37", "description": "The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support.\n\nSecurity Fix(es):\n\n* cyrus-imapd: privilege escalation in HTTP request (CVE-2019-18928)\n\n* cyrus-imapd: lmtpd component created mailboxes with administrator privileges if the \"fileinto\" was used, bypassing ACL checks (CVE-2019-19783)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-03T12:24:17", "type": "redhat", "title": "(RHSA-2020:4655) Moderate: cyrus-imapd security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18928", "CVE-2019-19783"], "modified": "2020-11-04T00:03:09", "id": "RHSA-2020:4655", "href": "https://access.redhat.com/errata/RHSA-2020:4655", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2022-05-03T18:28:15", "description": "It was dicovered that Cyrus IMAP Server could execute arbitrary code via a \ncrafted HTTP PUT operation for an event with a long iCalendar property name. \nAn attacker could use this vulnerability to cause a crash or possibly execute \narbitrary code. (CVE-2019-11356)\n\nIt was discovered that the Cyrus IMAP Server allow users to create any \nmailbox with administrative privileges. A local attacker could use this to \nobtain sensitive information. (CVE-2019-19783)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-10-05T00:00:00", "type": "ubuntu", "title": "Cyrus IMAP Server vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11356", "CVE-2019-19783"], "modified": "2020-10-05T00:00:00", "id": "USN-4566-1", "href": "https://ubuntu.com/security/notices/USN-4566-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:24:41", "description": "[3.0.7-19]\n- change ownership of pki files (#1710722)\n[3.0.7-18]\n- Move old changelog into separate file (#1671239)\n[3.0.7-17]\n- Add fix for CVE-2019-19783\n- Add fix for CVE-2019-18928", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-10T00:00:00", "type": "oraclelinux", "title": "cyrus-imapd security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18928", "CVE-2019-19783"], "modified": "2020-11-10T00:00:00", "id": "ELSA-2020-4655", "href": "http://linux.oracle.com/errata/ELSA-2020-4655.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "almalinux": [{"lastseen": "2021-08-11T15:48:35", "description": "The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support.\n\nSecurity Fix(es):\n\n* cyrus-imapd: privilege escalation in HTTP request (CVE-2019-18928)\n\n* cyrus-imapd: lmtpd component created mailboxes with administrator privileges if the \"fileinto\" was used, bypassing ACL checks (CVE-2019-19783)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-11-03T12:24:17", "type": "almalinux", "title": "Moderate: cyrus-imapd security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18928", "CVE-2019-19783"], "modified": "2021-08-11T13:42:14", "id": "ALSA-2020:4655", "href": "https://errata.almalinux.org/8/ALSA-2020-4655.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}