The new version fixes at least one critical buffer overflow, which has been fixed in 1.0.3 and the svn-branch for the development-version. Here's the announcement:
From: Hiroyuki Yamamoto <email@example.com>
Since a buffer overflow bug was found, I've made an urgent release of
1.0.3. This problem exists in almost all of the older versions, so be
sure to upgrade. In the development version, it is fixed on the svn
* A buffer overflow which occurred when replying to a message with
certain headers which contain non-ascii characters was fixed.
* A memory leak of the composition window was fixed.
Akinori please bump.
hattya / net-mail: please bump to 1.0.3
Development version 1.9.5 with the same fix has been released.
The new version in portage (1.9.5) works fine for me, but please also include the references-patch from 1.9.2 (works without change for 1.9.5 as well).
*** Bug 84379 has been marked as a duplicate of this bug. ***
*sylpheed-1.0.3 (07 Mar 2005)
07 Mar 2005; Akinori Hattori <firstname.lastname@example.org> +sylpheed-1.0.3.ebuild:
new upstream release. fixes bug #84056 and #84379.
Thx for noting Langthan.
Akinori Hattori please comment on the bug next time.
Arches please test and mark stable.
Stable on ppc.
Stable on amd64.
stable on ppc64
A quick look at compose.c in sylpheed-claws suggests it's vulnerable to the compose overflow.
I used this patch as a reference:
And checked the source after:
rob@leet ~ $ sudo ebuild /usr/portage/mail-client/sylpheed-claws/sylpheed-claws-184.108.40.206.ebuild unpack
This version is vulnerable to the overflow which the above patch corrects in sylpheed.
I haven't checked other versions, but I assume they also contain the flaw.
Adding genone to advise on sylpheed-claws.
-claws is also affected, 1.0.3 has the patch and just got into cvs as ~arch as I still have to test it a little bit more and also check the plugins.
sylpheed-claws-1.0.3 marked stable on x86 and amd64, still needs ppc, sparc and alpha love.
Stable on SPARC.
Stable on hppa \o/
sylpheed-1.0.3 still needs x86 and alpha stable (ia64 should also mark stable)
sylpheed-claws-1.0.3 still needs alpha stable
Hattya, please mark Sylpheed stable on x86.
19 Mar 2005; Akinori Hattori <email@example.com> sylpheed-1.0.3.ebuild:
stable on x86. fixes bug #84056.
Thanks hattya, but please update the bug next time. Ready for GLSA.
ia64, please mark stable to benefit from GLSA.
Stable on ia64.