Summary: | <mail-client/claws-mail-3.13.2: Stack Overflow (incomplete fix for CVE-2015-8614) (CVE-2015-8708) | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | |
Severity: | normal | CC: | boxcars, gentoo, net-mail+disabled, polynomial-c |
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | http://www.openwall.com/lists/oss-security/2015/12/31/1 | |
Whiteboard: | B2 [glsa cve] | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | | |
Bug Blocks: | 525588, 569010 | |

Description
Agostino Sarubbo
2016-01-03 09:46:55 UTC
According to the upstream bug this was fixed now: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557 And there's just been a new release (3.13.2) which is already in the tree, so I think what's left to do is stabilize it.

3.13.2 in tree for 30+ days, no open bugs against it. Calling for stabilization:

Arches, please test and mark stable:
=mail-client/claws-mail-3.13.2
Target Keywords : "alpha amd64 hppa ppc ppc64 sparc x86"
Thank you!

Stable for HPPA.

amd64 stable

Stable on alpha.

Scratch that. Dependencies missing.

Putting this on the back burner while I deal with other security stuff (since that is the only pushback I have).

(In reply to Tobias Klausmann from comment #6)
> Scratch that. Dependencies missing.
>
> Putting this on the back burner while I deal with other security stuff
> (since that is the only pushback I have).

Yeah, the following dependencies also need stabilization:

USE="gdata": =dev-libs/libgdata-0.17.4-r1
USE="webkit": =net-libs/webkit-gtk-2.4.9-r200

repoman didn't show any additional dependencies for these two packages regarding alpha. Feel free to mask any of these USE flags.

x86 stable

I stable-masked the webkit USE flag for alpha, thus avoiding the need to stabilize it for claws-mail. libgdata (and its test-dep uhttpmock) I stabilized for alpha, along with clawsmail-3.13.2

ppc and ppc64 will drop to ~arch version until there will be stable requests.

sparc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

commit e002a44aed76da951c85d7f7ec1e2298f06120be
Author: Lars Wendler <polynomial-c@gentoo.org>
Date: Sun Mar 20 18:14:39 2016

mail-client/claws-mail: Security cleanup (bug #570692).

Package-Manager: portage-2.2.28
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

Arches and Maintainer(s), Thank you for your work.

New GLSA Request filed.

This issue was resolved and addressed in GLSA 201606-11 at https://security.gentoo.org/glsa/201606-11 by GLSA coordinator Aaron Bauman (b-man).