Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 569010 (CVE-2015-8614) - <mail-client/claws-mail-3.13.1: Stack Overflow (CVE-2015-8614)
Summary: <mail-client/claws-mail-3.13.1: Stack Overflow (CVE-2015-8614)
Status: RESOLVED FIXED
Alias: CVE-2015-8614
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa cve]
Keywords:
Depends on: 568954 569828 569830 CVE-2015-8708
Blocks: 525588 569826
  Show dependency tree
 
Reported: 2015-12-21 15:15 UTC by Hanno Böck
Modified: 2016-06-26 12:42 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2015-12-21 15:15:17 UTC
This upstream bug was fixed in 3.13.1:
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557

The title is "Remotely exploitable bug", but the information is a bit unclear. It looks like this is a stack overflow. Anyway, probably means 3.13.1 should receive fast stabilization and a GLSA.

This version also fixes two oob errors I reported, I don't think they're security risks, but for completeness here they are (some consider every oob issue to be worthy of treating as a potential security issue):
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3559
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3563
Comment 1 Lars Wendler (Polynomial-C) gentoo-dev 2015-12-26 13:02:27 UTC
Arches please test and mark stable =mail-client/claws-mail-3.13.1 with target KEYWORDS:

alpha amd64 ~arm hppa ~mips ppc ppc64 sparc x86 ~x86-fbsd
Comment 2 Craig Inches 2015-12-27 17:45:06 UTC
AMD 64: OK
Comment 3 Jeroen Roovers gentoo-dev 2015-12-29 06:40:31 UTC
Stable for HPPA.
Comment 4 Jeroen Roovers gentoo-dev 2015-12-29 06:49:29 UTC
I'm having a bit of trouble testing on PPC64 since dev-libs/libgdata -> net-libs/gnome-online-accounts -> [PDEPEND]: gnome-base/gnome-control-center pulls in half the GNOME distribution. I could mask USE=gnome easily, though.
Comment 5 Agostino Sarubbo gentoo-dev 2016-01-05 10:40:24 UTC
we will continue in bug 570692
Comment 6 Yury German Gentoo Infrastructure gentoo-dev Security 2016-04-26 06:28:25 UTC
Added to an existing GLSA Request.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2016-06-26 12:42:42 UTC
This issue was resolved and addressed in
 GLSA 201606-11 at https://security.gentoo.org/glsa/201606-11
by GLSA coordinator Aaron Bauman (b-man).