103050 – mail-client/mutt: buffer overflow vulnerability

Bug 103050 - mail-client/mutt: buffer overflow vulnerability

Summary: mail-client/mutt: buffer overflow vulnerability

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High critical (vote)
Assignee:	Gentoo Security

URL:	http://www.derkeiler.com/Mailing-List...
Whiteboard:	B1 [ebuild] DerCorny
Keywords:

Duplicates (1):	103089 (view as bug list)
Depends on:
Blocks:

Reported:	2005-08-19 04:48 UTC by Sebastian
Modified:	2005-08-19 23:11 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sebastian 2005-08-19 04:48:04 UTC

Hi all,

I just saw this and thought I'd post it. I don't know if this is really a mutt
bug, but I use mutt and better safe then sorry.

Security Advisory:

http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-08/0600.html

Thanks for looking at it

Sebastian

Reproducible: Always
Steps to Reproduce:
1.
2.
3.

Comment 1 Sebastian 2005-08-19 04:49:21 UTC

Ah, the initial advisory is here:

http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-08/0594.html

Comment 2 Stefan Cornelius (RETIRED) gentoo-dev

2005-08-19 04:54:15 UTC

net-mail please provide updated ebuilds, thanks.

Comment 3 Tavis Ormandy (RETIRED) gentoo-dev

2005-08-19 04:54:59 UTC

I believe this was later discovered to only affect openbsd

Comment 4 Stefan Cornelius (RETIRED) gentoo-dev

2005-08-19 05:01:29 UTC

Sorry, I was a bit trigger happy. This bug seems to affect only some openbsd
systems so we are safe.

Comment 5 Tavis Ormandy (RETIRED) gentoo-dev

2005-08-19 23:11:30 UTC

*** Bug 103089 has been marked as a duplicate of this bug. ***