Debian Bug report logs - #338436
sylpheed-claws: Buffer overflow in LDIF/pine/mutt import

Package: sylpheed-claws; Maintainer for sylpheed-claws is (unknown);

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Thu, 10 Nov 2005 09:18:13 UTC

Severity: grave

Tags: security

Fixed in version sylpheed-claws/1.0.5-2

Done: Ricardo Mones <mones@aic.uniovi.es>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Ricardo Mones <mones@aic.uniovi.es>:
Bug#338436; Package sylpheed-claws.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Ricardo Mones <mones@aic.uniovi.es>.

Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: sylpheed-claws: Buffer overflow in LDIF/pine/mutt import
Date: Thu, 10 Nov 2005 10:17:31 +0100
Package: sylpheed-claws
Severity: grave
Tags: security
Justification: user security hole

Buffer overflows have been found in Sylpheed-Claws's LDIF/pine/mutt
address book import features. Quoting from the 1.9.100 release
announcement:

* Buffer overflows in the address book 'Import LDIF/Mutt/Pine file'
  functions were fixed. This was a security hole. It only affected
  these address book import functions, but we recommend that everyone
  upgrade.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-1-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)



Bug 338436 cloned as bug 339529. Request was from Ricardo Mones <mones@aic.uniovi.es> to control@bugs.debian.org.

Reply sent to Ricardo Mones <mones@aic.uniovi.es>:
You have taken responsibility.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer.

Message #12 received at 338436-close@bugs.debian.org:

From: Ricardo Mones <mones@aic.uniovi.es>
To: 338436-close@bugs.debian.org
Subject: Bug#338436: fixed in sylpheed-claws 1.0.5-2
Date: Mon, 21 Nov 2005 15:32:06 -0800
Source: sylpheed-claws
Source-Version: 1.0.5-2

We believe that the bug you reported is fixed in the latest version of
sylpheed-claws, which is due to be installed in the Debian FTP archive:

libsylpheed-claws-dev_1.0.5-2_i386.deb
  to pool/main/s/sylpheed-claws/libsylpheed-claws-dev_1.0.5-2_i386.deb
sylpheed-claws-clamav_1.0.5-2_i386.deb
  to pool/main/s/sylpheed-claws/sylpheed-claws-clamav_1.0.5-2_i386.deb
sylpheed-claws-dillo-viewer_1.0.5-2_i386.deb
  to pool/main/s/sylpheed-claws/sylpheed-claws-dillo-viewer_1.0.5-2_i386.deb
sylpheed-claws-i18n_1.0.5-2_all.deb
  to pool/main/s/sylpheed-claws/sylpheed-claws-i18n_1.0.5-2_all.deb
sylpheed-claws-image-viewer_1.0.5-2_i386.deb
  to pool/main/s/sylpheed-claws/sylpheed-claws-image-viewer_1.0.5-2_i386.deb
sylpheed-claws-pgpmime_1.0.5-2_i386.deb
  to pool/main/s/sylpheed-claws/sylpheed-claws-pgpmime_1.0.5-2_i386.deb
sylpheed-claws-plugins_1.0.5-2_all.deb
  to pool/main/s/sylpheed-claws/sylpheed-claws-plugins_1.0.5-2_all.deb
sylpheed-claws-scripts_1.0.5-2_all.deb
  to pool/main/s/sylpheed-claws/sylpheed-claws-scripts_1.0.5-2_all.deb
sylpheed-claws-spamassassin_1.0.5-2_i386.deb
  to pool/main/s/sylpheed-claws/sylpheed-claws-spamassassin_1.0.5-2_i386.deb
sylpheed-claws-trayicon_1.0.5-2_i386.deb
  to pool/main/s/sylpheed-claws/sylpheed-claws-trayicon_1.0.5-2_i386.deb
sylpheed-claws_1.0.5-2.diff.gz
  to pool/main/s/sylpheed-claws/sylpheed-claws_1.0.5-2.diff.gz
sylpheed-claws_1.0.5-2.dsc
  to pool/main/s/sylpheed-claws/sylpheed-claws_1.0.5-2.dsc
sylpheed-claws_1.0.5-2_i386.deb
  to pool/main/s/sylpheed-claws/sylpheed-claws_1.0.5-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 338436@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ricardo Mones <mones@aic.uniovi.es> (supplier of updated sylpheed-claws package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Mon, 21 Nov 2005 00:37:51 +0100
Source: sylpheed-claws
Binary: sylpheed-claws sylpheed-claws-trayicon sylpheed-claws-pgpmime sylpheed-claws-scripts libsylpheed-claws-dev sylpheed-claws-clamav sylpheed-claws-dillo-viewer sylpheed-claws-plugins sylpheed-claws-i18n sylpheed-claws-spamassassin sylpheed-claws-image-viewer
Architecture: source i386 all
Version: 1.0.5-2
Distribution: unstable
Urgency: high
Maintainer: Ricardo Mones <mones@aic.uniovi.es>
Changed-By: Ricardo Mones <mones@aic.uniovi.es>
Description: 
 libsylpheed-claws-dev - Development files to build plugins for Sylpheed-Claws
 sylpheed-claws - Extended version of the Sylpheed mail client
 sylpheed-claws-clamav - Clam AntiVirus plugin for Sylpheed Claws
 sylpheed-claws-dillo-viewer - HTML viewer plugin for Sylpheed Claws using Dillo
 sylpheed-claws-i18n - Locale data for Sylpheed Claws (i18n support)
 sylpheed-claws-image-viewer - Image viewer plugin for Sylpheed Claws
 sylpheed-claws-pgpmime - PGP/MIME plugin for Sylpheed Claws
 sylpheed-claws-plugins - Various plugins for the Sylpheed Claws mail client
 sylpheed-claws-scripts - Helper scripts for Sylpheed and Sylpheed Claws
 sylpheed-claws-spamassassin - SpamAssassin plugin for Sylpheed Claws
 sylpheed-claws-trayicon - Notification area plugin for Sylpheed Claws
Closes: 338436 340027
Changes: 
 sylpheed-claws (1.0.5-2) unstable; urgency=high
 .
   * Security upload (Closes: #338436)
   - Fixes CVE-2005-3354: Arbitrary code execution in Sylpheed
     Patch thanks Martin Schulze <joey@infodrom.org>
   * debian/control
   - Built with libreadline5-dev.
   - Removed circular dependency with i18n (Closes: #340027)





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Jun 2007 05:36:32 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 21:45:13 2014; Machine Name: buxtehude.debian.org
