List: oss-security
Subject: [oss-security] CVE-2014-0469: xbuffy stack-based buffer overflow in subject processing
From: Yves-Alexis Perez <corsac () debian ! org>
Date: 2014-04-28 8:31:12
Message-ID: 20140428083111.GB22438 () scapa ! corsac ! net
Hi,

just to let the list know that a Debian (and derivatives, like Ubuntu)
specific vulnerability was found and fixed in xbuffy (a program to
monitor mailboxes and newsgroups and show a mail count).

The vulnerability was a stack-based buffer overflow, which could be
triggered by a remote attacker sending a carefully crafted mail.

It was introduced by a Debian-specific patch, and the software looks
dead upstream, so we issued CVE-2014-0469 from our pool.

The fix is only available in unstable [1] now, but stable and oldstable
should follow soon.

[1]: http://packages.qa.debian.org/x/xbuffy/news/20140427T181904Z.html

Regards,
-- 
Yves-Alexis Perez