Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 617936 (CVE-2017-8825)

Summary: <net-libs/libetpan-1.8: null deference Denial of Service
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: net-mail+disabled
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [noglsa cve]
Package list:
=net-libs/libetpan-1.8
 Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2017-05-09 07:29:10 UTC 
CVE-2017-8825 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8825):
  A null dereference vulnerability has been found in the MIME handling
  component of LibEtPan before 1.8, as used in MailCore and MailCore 2. A
  crash can occur in low-level/imf/mailimf.c during a failed parse of a Cc
  header containing multiple e-mail addresses.
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2017-05-09 07:57:11 UTC 
commit 1f362f4f4744ccb668f63ea34f521e3671acd99e
Author: Lars Wendler <polynomial-c@gentoo.org>
Date:   Tue May 9 09:55:17 2017

    net-libs/libetpan: Security bump to version 1.8 (bug #617936).

    Package-Manager: Portage-2.3.5, Repoman-2.3.2
Comment 2 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2017-05-16 07:10:00 UTC 
Arches please test and mark stable =net-libs/libetpan-1.8 with target KEYWORDS:

alpha amd64 ~arm hppa ~mips ppc ppc64 sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos
Comment 3 Agostino Sarubbo gentoo-dev 2017-05-16 12:25:22 UTC 
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2017-05-16 12:58:18 UTC 
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2017-05-16 13:07:56 UTC 
ppc64 stable
Comment 6 Michael Weber (RETIRED) gentoo-dev 2017-05-17 15:49:12 UTC 
ppc stable.
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2017-05-18 07:21:16 UTC 
Stable for HPPA.
Comment 8 Agostino Sarubbo gentoo-dev 2017-05-18 11:50:48 UTC 
This does not requires any special config, so this is B
Comment 9 Agostino Sarubbo gentoo-dev 2017-05-22 11:41:24 UTC 
sparc stable
Comment 10 Tobias Klausmann (RETIRED) gentoo-dev 2017-05-22 13:26:12 UTC 
Stable on alpha.
Comment 11 Thomas Deutschmann (RETIRED) gentoo-dev 2017-06-08 18:12:17 UTC 
GLSA Vote: No

@ Maintainer(s): Please cleanup and drop <net-libs/libetpan-1.8!
Comment 12 Aaron Bauman (RETIRED) gentoo-dev 2017-07-09 23:49:01 UTC 
@maintainers, please cleanup.
Comment 13 Eray Aslan gentoo-dev 2017-07-13 06:00:50 UTC 
cleanup done.