Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 59341

Summary: net-mail/ripmime Attachment Extraction Bypass
Product: Gentoo Security Reporter: Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: gregf, vapier
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
URL: http://secunia.com/advisories/12201/
Whiteboard: B4 [glsa?]
Package list:
Runtime testing required: ---

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-04 00:42:25 UTC 
CHANGES---------------------------------------------------------------
Fri Jul 30 2004
	- PLD:REL:21H06
		!!!!URGENT RELEASE!!!!
		Released 1.3.2.3

		There's viruses going around exploiting the ability to hide the 
		majority of their data in an attachment by using blank lines and
		other tricks to make scanning systems prematurely terminate their
		base64 decoding.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2004-08-04 08:05:36 UTC 
gregf : please bump ripmime package to version 1.3.2.3.
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-07 08:16:58 UTC 
Bumping 1.3.1.2 emerges fine.
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-12 09:25:39 UTC 
seems like gregf is on vacation. Mike would you look into this?
Comment 4 SpanKY gentoo-dev 2004-08-13 05:56:54 UTC 
added 1.3.2.3 to portage but i dont think this warrants a GLSA

i tested it on x86/ppc/sparc
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-13 06:33:22 UTC 
Thx Mike. 

All arches marked stable.

Closing with no GLSA.