MGASA-2016-0067
- Source
- https://advisories.mageia.org/MGASA-2016-0067.html
- Import Source
- https://advisories.mageia.org/MGASA-2016-0067.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2016-0067
- Related
- Published
- 2016-02-17T19:06:01Z
- Modified
- 2016-02-17T18:25:06Z
- Summary
- Updated claws-mail packages fix CVE-2015-8708
- Details
-
Updated claws-mail fix security vulnerabilities
A stack-based buffer overflow has been found in conveuctojis() after applying incomplete patch for CVE-2015-8614. In conveuctojis() the comparison is with outlen - 3, but each pass through the loop uses up to 5 bytes and the rest of the function may add another 4 bytes. The comparison should presumably be '<= outlen - 9' or equivalently '< outlen - 8'. (CVE-2015-8708)
- References
-
- https://advisories.mageia.org/MGASA-2016-0067.html
- https://bugs.mageia.org/show_bug.cgi?id=17722
- http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557
- https://lists.fedoraproject.org/pipermail/package-announce/2016-February/176949.html
- https://security-tracker.debian.org/tracker/CVE-2015-8708
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / claws-mail
Package
- Name
- claws-mail
- Purl
- pkg:rpm/mageia/claws-mail?distro=mageia-5