oss-sec mailing list archives
mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed?
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 21 Dec 2015 13:41:16 -0700
As per https://bugs.gentoo.org/show_bug.cgi?id=569010 Hanno Boeck [image: gentoo-dev] 2015-12-21 15:15:17 UTC This upstream bug was fixed in 3.13.1:http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557 The title is "Remotely exploitable bug", but the information is a bit unclear. It looks like this is a stack overflow. Anyway, probably means 3.13.1 should receive fast stabilization and a GLSA. This version also fixes two oob errors I reported, I don't think they're security risks, but for completeness here they are (some consider every oob issue to be worthy of treating as a potential security issue):http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3559http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3563 -- -- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 Red Hat Product Security contact: secalert () redhat com
Current thread:
- mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed? Kurt Seifried (Dec 21)
- Re: mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed? cve-assign (Dec 21)
- Re: mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed? Ben Hutchings (Dec 30)
- Re: mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed? cve-assign (Dec 31)
- Re: mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed? Ben Hutchings (Dec 30)
- Re: mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed? cve-assign (Dec 21)