oss-sec mailing list archives
Re: heap overflow in procmail
From: Jakub Wilk <jwilk () jwilk net>
Date: Wed, 21 Jan 2015 15:15:04 +0100
* Tavis Ormandy <taviso () google com>, 2014-09-03, 11:52:
I noticed a heap overflow in procmail when parsing addresses with unbalanced quotes.
Unfortunately, there's more: https://bugs.debian.org/769937Apparently procmail upstream is inactive; and nobody understands how this code works.
At this point, I'd recommend that formail users switch to reformail[0], which is mostly (but not completely) compatible with formail.
[0] http://www.courier-mta.org/reformail.html -- Jakub Wilk
Current thread:
- Re: heap overflow in procmail Jakub Wilk (Jan 21)
- Re: heap overflow in procmail cve-assign (Jan 22)
- Re: heap overflow in procmail Jakub Wilk (Feb 12)
- Re: heap overflow in procmail Salvatore Bonaccorso (Feb 22)
- Re: heap overflow in procmail Jakub Wilk (Feb 12)
- Re: heap overflow in procmail Salvatore Bonaccorso (Feb 11)
- Re: heap overflow in procmail cve-assign (Jan 22)