Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via e-mail messages with a long boundary attribute, a different vulnerability than CVE-2004-0105.
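A defensive check for the condition described above, as an added example that is not part of the original report or of Metamail: it parses a message with Python's standard `email` package and reports every MIME part whose `boundary` parameter is longer than the 70 characters RFC 2046 allows. The function names, the sample builder, the addresses and the boundary lengths are constructed for illustration.

```python
import email
from email import policy

MAX_BOUNDARY_LEN = 70  # RFC 2046, section 5.1.1: boundary is 1 to 70 characters


def oversized_boundaries(raw: bytes, limit: int = MAX_BOUNDARY_LEN):
    """Return (content_type, boundary_length) for each part whose declared
    boundary parameter is longer than `limit`."""
    msg = email.message_from_bytes(raw, policy=policy.compat32)
    findings = []
    for part in msg.walk():  # walk() also visits nested multipart parts
        boundary = part.get_boundary()  # None when no boundary parameter
        if boundary is not None and len(boundary) > limit:
            findings.append((part.get_content_type(), len(boundary)))
    return findings


def build_sample(outer_len: int, inner_len: int) -> bytes:
    """Constructed test message: multipart/mixed wrapping multipart/alternative."""
    outer, inner = "o" * outer_len, "i" * inner_len
    lines = [
        "From: <sender@example.invalid>",
        "To: <rcpt@example.invalid>",
        "Subject: constructed sample",
        "MIME-Version: 1.0",
        f'Content-Type: multipart/mixed; boundary="{outer}"',
        "",
        f"--{outer}",
        f'Content-Type: multipart/alternative; boundary="{inner}"',
        "",
        f"--{inner}",
        "Content-Type: text/plain",
        "",
        "hello",
        f"--{inner}--",
        f"--{outer}--",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")


if __name__ == "__main__":
    for sizes in ((30, 40), (30, 200)):
        print(sizes, oversized_boundaries(build_sample(*sizes)))
```

A mail gateway could run this kind of check before handing messages to a MIME handler and quarantine anything it flags.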
net-mail please provide updated ebuilds, thanks.
Remote attacker can trigger by sending an email -> B1.
Created attachment 82118: sample email from Debian bug.

metamail-2.7.45.3-r1.ebuild committed. Attached is the sample email taken from Debian bug. metamail crash with:

$ /usr/bin/metamail < metamail.txt
From: <metaur@localhost>
To: <metaur@localhost>
Subject: metamail crash bug
*** glibc detected *** free(): invalid next size (normal): 0x0805fc30 ***
Aborted

Security, please do your dance. Enjoy.
Archs please test and mark stable.
We came, we tested, we alpha'd. Cheers, Ferdy
stable on ppc64
amd64 stable.
x86 stable. btw, halcy0n has really pretty blue eyes. :))
hppa done by killerfox
SPARC'd
ppc stable
ready for glsa
GLSA 200603-16 Thanks everybody.