Colin Leroy has found three buffer overflows in Sylpheed and Sylpheed-Claws. They are locally exploitable and could allow execution of code as the current user. One of them is in the LDIF importer, accessible from the Addressbook (Tools menu). If the chosen file has a line longer than 2047 chars, sylpheed(-claws) will segfault because the program will try to write after the end of a 2048 chars static buffer. I don't know if this can be exploited. The other two are similar and concern only Sylpheed-Claws. They happen in the Mutt and Pine addressbook importers found in the same place, and the problem is the same. Vulnerable versions: Sylpheed: from 0.6.4 to 2.0.3 (stable), 2.1.5 (development), 1.0.5 (old) Sylpheed-Claws: from 0.6.4 to 1.9.99 (included) Fixed versions: Sylpheed: >= 2.0.4 (stable), 2.1.6 (development), 1.0.6 (old) Sylpheed-Claws: >= 1.9.100
This is semi-public, meaning it's not been announced yet but can be found in upstream CVS. We are free to commit new releases to Portage. hattya: we should add the following fixed versions : sylpheed-2.0.4 (stable) sylpheed-2.1.6 (~/masked) genone: for sylpheed-claws, we might need to backport the fix for our 1.0.5 stable line, as only 1.9.100 is released to fix. These are the patches for sylpheed-claws : http://colino.net/sylpheed-claws-gtk2/getpatchset.php3?ver=1.9.99cvs13 http://colino.net/sylpheed-claws-gtk2/getpatchset.php3?ver=1.9.99cvs15
*** Bug 111872 has been marked as a duplicate of this bug. ***
Now completely public, please patch.
will do what I can at the weekend (I'm currently pretty busy during the week), hopefully the patch for 1.0.5 shouldn't be tricky. The 1.9 branch might take a bit longer as it also requires updated plugins (this is why .99 is still p.masked).
Ok, committed a 1.0.5-r1 as ~arch and a p.masked 1.9.100 (due to broken plugins).
*** Bug 112198 has been marked as a duplicate of this bug. ***
Sylpheed 2.0.4 and 2.1.6 are in CVS.
Sylpheed-claws-1.9.100 unmasked as of a few minutes ago. All that remains to do for -claws is marking 1.0.5-r1 stable.
arches, please test and mark stable if possible: mail-client/sylpheed-2.0.4: target keywords: "alpha amd64 hppa ia64 ppc ~ppc64 sparc x86" mail-client/sylpheed-claws-1.0.5-r1: target keywords: "alpha amd64 ppc ppc64 sparc x86"
marked both ppc64 stable.
ppc and hppa done.
SPARCy SPARC and the stable bunch
marked both stable on alpha.
x86 is feeling a bit of those good vibrations, too...
sylpheed doesn't like it when you don't give true settings, it hangs when you try to set up an account for dev.g.o on port 143... it hangs and you have to kill it. however, 2.0.1 has the same behaviour, so this gets the amd64 keyword nevertheless. both marked stable on amd64
Thx everyone... GLSA 200511-13 ia64 should mark stable to benefit from GLSA