On Tue, 11 Sep 2007 15:21:35 +0200 Nico Golde <[EMAIL PROTECTED]> wrote:
> Package: sylpheed-claws
> Version: 1.0.5-5.1
> Severity: normal
> Tags: security
>
> Hi,
> a CVE had been issued against this package:
> CVE-2007-2958[0]:
> Format string vulnerability in the inc_put_error function in src/inc.c in
> Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows
> remote POP3 servers to execute arbitrary code via format string specifiers
> in crafted replies.
>
> If you fix this issue include the CVE id into the changelog.
>
> The sylpheed package is not affected for unstable and testing. (2.4.5
> fixes it). A patch can be found on:
> http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153
>
> Since the attacker will need to modify a pop3 server which then is used by
> the victim this issue is not really critical.
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2958

Please do the NMU Nico.

Thanks in advance,
--
Ricardo Mones
http://people.debian.org/~mones
«This night methinks is but the daylight sick.
        -- William Shakespeare, "The Merchant of Venice"»

