Sylpheed 2.0.4 has been released. I have tested the ebuild for 2.0.4 - works fine. Reproducible: Always Steps to Reproduce: 1. 2. 3.
08 November 2005 Sylpheed 2.0.4 (stable) and 1.0.6 (old stable) released Since a security hole was discovered, the fixed versions were released. All users are recommended to upgrade. There was a bug that caused buffer overflow in the LDIF import routine of the addressbook. This bug exists in every version since 0.6.4. It only affects when the LDIF import feature is used. Changes (2.0.4) * [SECURITY] A buffer overflow of LDIF import was fixed. * The problem that drag and drop didn't work with GTK+ 2.8 was fixed.
Component should be "security" IMHO... Fedora update notice (with CVE ref: CVE-2005-3354) : http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00025.html Development version should be upgraded from 2.1.4 to 2.1.6 too And sylpheed-claws should be upgraded to 1.9.100 : http://planet.sylpheed.org/
(In reply to comment #3) > Component should be "security" IMHO... > Fedora update notice (with CVE ref: CVE-2005-3354) : > http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00025.html > Development version should be upgraded from 2.1.4 to 2.1.6 too > And sylpheed-claws should be upgraded to 1.9.100 : > http://planet.sylpheed.org/ OK, hand it over to security team.
*** This bug has been marked as a duplicate of 111853 ***