Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 617936 (CVE-2017-8825) - <net-libs/libetpan-1.8: null deference Denial of Service
Summary: <net-libs/libetpan-1.8: null deference Denial of Service
Status: RESOLVED FIXED
Alias: CVE-2017-8825
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-05-09 07:29 UTC by GLSAMaker/CVETool Bot
Modified: 2017-07-16 00:10 UTC (History)
1 user (show)

See Also:
Package list:
=net-libs/libetpan-1.8
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2017-05-09 07:29:10 UTC 
CVE-2017-8825 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8825):
  A null dereference vulnerability has been found in the MIME handling
  component of LibEtPan before 1.8, as used in MailCore and MailCore 2. A
  crash can occur in low-level/imf/mailimf.c during a failed parse of a Cc
  header containing multiple e-mail addresses.
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2017-05-09 07:57:11 UTC 
commit 1f362f4f4744ccb668f63ea34f521e3671acd99e
Author: Lars Wendler <polynomial-c@gentoo.org>
Date:   Tue May 9 09:55:17 2017

    net-libs/libetpan: Security bump to version 1.8 (bug #617936).

    Package-Manager: Portage-2.3.5, Repoman-2.3.2
Comment 2 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2017-05-16 07:10:00 UTC 
Arches please test and mark stable =net-libs/libetpan-1.8 with target KEYWORDS:

alpha amd64 ~arm hppa ~mips ppc ppc64 sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos
Comment 3 Agostino Sarubbo gentoo-dev 2017-05-16 12:25:22 UTC 
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2017-05-16 12:58:18 UTC 
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2017-05-16 13:07:56 UTC 
ppc64 stable
Comment 6 Michael Weber (RETIRED) gentoo-dev 2017-05-17 15:49:12 UTC 
ppc stable.
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2017-05-18 07:21:16 UTC 
Stable for HPPA.
Comment 8 Agostino Sarubbo gentoo-dev 2017-05-18 11:50:48 UTC 
This does not requires any special config, so this is B
Comment 9 Agostino Sarubbo gentoo-dev 2017-05-22 11:41:24 UTC 
sparc stable
Comment 10 Tobias Klausmann (RETIRED) gentoo-dev 2017-05-22 13:26:12 UTC 
Stable on alpha.
Comment 11 Thomas Deutschmann (RETIRED) gentoo-dev 2017-06-08 18:12:17 UTC 
GLSA Vote: No

@ Maintainer(s): Please cleanup and drop <net-libs/libetpan-1.8!
Comment 12 Aaron Bauman (RETIRED) gentoo-dev 2017-07-09 23:49:01 UTC 
@maintainers, please cleanup.
Comment 13 Eray Aslan gentoo-dev 2017-07-13 06:00:50 UTC 
cleanup done.