Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 111872 - Version bump: mail-client/sylpheed (2.0.4)
Summary: Version bump: mail-client/sylpheed (2.0.4)
Status: RESOLVED DUPLICATE of bug 111853
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High enhancement (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-11-08 06:17 UTC by lzap
Modified: 2011-10-30 22:38 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description lzap 2005-11-08 06:17:54 UTC 
Sylpheed 2.0.4 has been released. I have tested the ebuild for 2.0.4 - works fine.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.
Comment 1 Daniel Webert 2005-11-09 08:04:46 UTC 
08 November 2005 Sylpheed 2.0.4 (stable) and 1.0.6 (old stable) released

Since a security hole was discovered, the fixed versions were released. All
users are recommended to upgrade.

There was a bug that caused buffer overflow in the LDIF import routine of the
addressbook. This bug exists in every version since 0.6.4. It only affects when
the LDIF import feature is used.
Changes (2.0.4)

    * [SECURITY] A buffer overflow of LDIF import was fixed.
    * The problem that drag and drop didn't work with GTK+ 2.8 was fixed.
Comment 2 Daniel Webert 2005-11-09 08:04:58 UTC 
08 November 2005 Sylpheed 2.0.4 (stable) and 1.0.6 (old stable) released

Since a security hole was discovered, the fixed versions were released. All
users are recommended to upgrade.

There was a bug that caused buffer overflow in the LDIF import routine of the
addressbook. This bug exists in every version since 0.6.4. It only affects when
the LDIF import feature is used.
Changes (2.0.4)

    * [SECURITY] A buffer overflow of LDIF import was fixed.
    * The problem that drag and drop didn't work with GTK+ 2.8 was fixed.
Comment 3 Olivier Castan 2005-11-10 06:27:18 UTC 
Component should be "security" IMHO...
Fedora update notice (with CVE ref: CVE-2005-3354) :
http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00025.html
Development version should be upgraded from 2.1.4 to 2.1.6 too
And sylpheed-claws should be upgraded to 1.9.100 :
http://planet.sylpheed.org/
Comment 4 Tuan Van (RETIRED) gentoo-dev 2005-11-10 08:33:40 UTC 
(In reply to comment #3)
> Component should be "security" IMHO...
> Fedora update notice (with CVE ref: CVE-2005-3354) :
> http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00025.html
> Development version should be upgraded from 2.1.4 to 2.1.6 too
> And sylpheed-claws should be upgraded to 1.9.100 :
> http://planet.sylpheed.org/

OK, hand it over to security team.
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2005-11-10 08:45:01 UTC 

*** This bug has been marked as a duplicate of 111853 ***