Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 59341 - net-mail/ripmime Attachment Extraction Bypass
Summary: net-mail/ripmime Attachment Extraction Bypass
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High minor (vote)
Assignee: Gentoo Security
URL: http://secunia.com/advisories/12201/
Whiteboard: B4 [glsa?]
Keywords:
Depends on:
Blocks:
 
Reported: 2004-08-04 00:42 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2011-10-30 22:40 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-04 00:42:25 UTC 
CHANGES---------------------------------------------------------------
Fri Jul 30 2004
	- PLD:REL:21H06
		!!!!URGENT RELEASE!!!!
		Released 1.3.2.3

		There's viruses going around exploiting the ability to hide the 
		majority of their data in an attachment by using blank lines and
		other tricks to make scanning systems prematurely terminate their
		base64 decoding.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2004-08-04 08:05:36 UTC 
gregf : please bump ripmime package to version 1.3.2.3.
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-07 08:16:58 UTC 
Bumping 1.3.1.2 emerges fine.
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-12 09:25:39 UTC 
seems like gregf is on vacation. Mike would you look into this?
Comment 4 SpanKY gentoo-dev 2004-08-13 05:56:54 UTC 
added 1.3.2.3 to portage but i dont think this warrants a GLSA

i tested it on x86/ppc/sparc
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-13 06:33:22 UTC 
Thx Mike. 

All arches marked stable.

Closing with no GLSA.