oss-sec mailing list archives

Re: mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed?


From: cve-assign () mitre org
Date: Thu, 31 Dec 2015 11:21:59 -0500 (EST)

In conv_euctojis() the comparison is with outlen - 3, but each pass
through the loop uses up to 5 bytes and the rest of the function may
add another 4 bytes. The comparison should presumably be
'<= outlen - 9' or equivalently '< outlen - 8'.

Use CVE-2015-8708 for this additional issue that exists because
of an incomplete fix for CVE-2015-8614.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
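
The arithmetic in the message above, worked through as an added example (not claws-mail code and not part of the original post): a constructed model of a loop guarded by `pos < outlen - slack` that only counts bytes, using the message's figures of 5 bytes per pass and 4 bytes after the loop. The function names and the 4096-byte search limit are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Figures taken from the message; the loop itself is a constructed model. */
#define PER_PASS_MAX 5 /* most bytes one loop pass may write */
#define TAIL_MAX     4 /* most bytes written after the loop */

/* Bytes a worst-case run needs when the loop is guarded by
 * `pos < outlen - slack`. Only counts; no buffer is written.
 * Caller ensures outlen >= slack so the subtraction cannot wrap. */
size_t worst_case_bytes(size_t outlen, size_t slack)
{
    size_t pos = 0;
    while (pos < outlen - slack)
        pos += PER_PASS_MAX;   /* every pass takes its maximum */
    return pos + TAIL_MAX;     /* then the post-loop bytes */
}

/* Largest count of bytes past the end, over outlen in [slack, max_outlen]. */
size_t worst_overrun(size_t slack, size_t max_outlen)
{
    size_t worst = 0;
    for (size_t outlen = slack; outlen <= max_outlen; outlen++) {
        size_t need = worst_case_bytes(outlen, slack);
        if (need > outlen && need - outlen > worst)
            worst = need - outlen;
    }
    return worst;
}

/* Smallest slack for which no buffer size up to max_outlen is overrun. */
size_t min_safe_slack(size_t max_outlen)
{
    size_t slack = 0;
    while (worst_overrun(slack, max_outlen) != 0)
        slack++;
    return slack;
}

int main(void)
{
    printf("guard '< outlen - 3': worst overrun %zu bytes\n", worst_overrun(3, 4096));
    printf("guard '< outlen - 8': worst overrun %zu bytes\n", worst_overrun(8, 4096));
    printf("smallest safe slack: %zu\n", min_safe_slack(4096));
    return 0;
}
```

In this model the search settles on the same bound the message proposes, and a guard one byte looser (`< outlen - 7`) still overruns for some buffer sizes.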

