oss-sec mailing list archives
CVE-2014-0469: xbuffy stack-based buffer overflow in subject processing
From: Yves-Alexis Perez <corsac () debian org>
Date: Mon, 28 Apr 2014 10:31:12 +0200
Hi, just to let the list know that a Debian (and derivatives, like Ubuntu) specific vulnerability was found and fixed in xbuffy (a program to monitor mailboxes and newsgroups and show a mail count). The vulnerability was a stack-based buffer overflow, which could be triggered by a remote attacker sending a carefully crafted mail. It was introduced by a Debian-specific patch, and the software looks dead upstream, so we issued CVE-2014-0469 from our pool. The fix is only available in unstable [1] now, but stable and oldstable should follow soon. [1]: http://packages.qa.debian.org/x/xbuffy/news/20140427T181904Z.html Regards, -- Yves-Alexis Perez
Attachment:
signature.asc
Description: Digital signature
Current thread:
- CVE-2014-0469: xbuffy stack-based buffer overflow in subject processing Yves-Alexis Perez (Apr 28)