[Users] [Bug 3557] Remotely exploitable bug.

noreply at thewildbeast.co.uk
Wed Dec 30 14:50:10 CET 2015


http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557

Ricardo Mones <mones at users.sourceforge.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |---

--- Comment #6 from Ricardo Mones <mones at users.sourceforge.net> ---
After being notified of this:

https://security-tracker.debian.org/tracker/CVE-2015-8614

Seems this is only partially fixed (wrong operator was fixed in #3584), and
there are code paths which exceed the number of reserved chars for output.

Similar functions in libsylph¹ are unaffected², so those could be used instead.

¹ http://sylpheed.sraoss.jp/redmine/projects/sylpheed/repository/entry/libsylph/codeconv.c
² https://lists.debian.org/debian-lts/2015/12/msg00104.html

-- 
You are receiving this mail because:
You are the assignee for the bug.

