| Summary: | mail-client/{sylpheed\|sylpheed-claws} buffer overflow | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | fbusse |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | genone, hattya, net-mail+disabled, plate |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://sylpheed.good-day.net/ | | |
| Whiteboard: | B2 [glsa] jaervosz | | |
| Package list: | | Runtime testing required: | --- |
Description
fbusse
2005-03-04 01:03:36 UTC
Akinori please bump.

hattya / net-mail: please bump to 1.0.3

Development version 1.9.5 with the same fix has been released.

The new version in portage (1.9.5) works fine for me, but please also include the references-patch from 1.9.2 (works without change for 1.9.5 as well).

*** Bug 84379 has been marked as a duplicate of this bug. ***

*sylpheed-1.0.3 (07 Mar 2005)
07 Mar 2005; Akinori Hattori <hattya@gentoo.org> +sylpheed-1.0.3.ebuild:
new upstream release. fixes bug #84056 and #84379.

Thx for noting Langthan. Akinori Hattori please comment on the bug next time. Arches please test and mark stable.

Stable on ppc.

Oops. Reopen.

Stable on amd64.

stable on ppc64

A quick look at compose.c in sylpheed-claws suggests it's vulnerable to the compose overflow. I used this patch as a reference:

http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.2-1.0.3.patch.gz

And checked the source after:

rob@leet ~ $ sudo ebuild /usr/portage/mail-client/sylpheed-claws/sylpheed-claws-1.0.1.1.ebuild unpack

This version is vulnerable to the overflow which the above patch corrects in sylpheed. I haven't checked other versions, but I assume they also contain the flaw.

Adding genone to advise on sylpheed-claws.

sparc stable.

-claws is also affected, 1.0.3 has the patch and just got into cvs as ~arch as I still have to test it a little bit more and also check the plugins.

sylpheed-claws-1.0.3 marked stable on x86 and amd64, still needs ppc, sparc and alpha love.

Stable on ppc.

Stable on SPARC.

Stable on hppa \o/

sylpheed-1.0.3 still needs x86 and alpha stable (ia64 should also mark stable)
sylpheed-claws-1.0.3 still needs alpha stable

Alpha stable.

Hattya, please mark Sylpheed stable on x86.

19 Mar 2005; Akinori Hattori <hattya@gentoo.org> sylpheed-1.0.3.ebuild:
stable on x86. fixes bug #84056.

Thanks hattya, but please update the bug next time. Ready for GLSA.

GLSA 200503-26.

ia64, please mark stable to benefit from GLSA.

Stable on ia64.