Package: ssmtp
Severity: important
Tags: security, patch

Hi

Maurice van der Pot of Gentoo reported a bug in ssmtp 2.62:

The from_format() function in ssmtp.c will call strdup() on uninitialized memory if the user's gecos is unset and "FromLineOverride" is disabled in the configuration. This might disclose memory contents by sending them off in the "From:" field of an email or cause a (client) crash.

The Gentoo bug report can be found here[0] and also includes a patch[1].

A CVE id has been requested and I'll post it here once I've received it.

Cheers
Steffen

[0]: https://bugs.gentoo.org/234391
[1]: https://bugs.gentoo.org/attachment.cgi?id=165005
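The bug class described in the report, as an added example that is not ssmtp's code or the Gentoo patch: a simplified, hypothetical model of a formatter that fills its buffer on only one branch but always copies it, next to a hardened form. The function names, `BUF_SZ` value, the constructed stale string, and the choice to fall back to the bare address are assumptions of this example; the buffer is passed in so the leftover contents are deterministic.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SZ 64

/* Flawed pattern: buf is written only when gecos is set, yet always copied.
 * In the reported bug class buf would be an uninitialized stack array; it is
 * a parameter here only so the demo has defined, repeatable contents. */
char *format_from_flawed(char *buf, const char *gecos, const char *addr)
{
    if (gecos != NULL) {
        snprintf(buf, BUF_SZ, "\"%s\" <%s>", gecos, addr);
    }
    return strdup(buf); /* copies whatever the buffer held before the call */
}

/* Hardened form: every path writes buf before it is copied. */
char *format_from_fixed(char *buf, const char *gecos, const char *addr)
{
    if (gecos != NULL && gecos[0] != '\0') {
        snprintf(buf, BUF_SZ, "\"%s\" <%s>", gecos, addr);
    } else {
        snprintf(buf, BUF_SZ, "%s", addr); /* assumed fallback: bare address */
    }
    return strdup(buf);
}

/* Constructed stand-in for data left on the stack by earlier calls. */
void fill_stale(char *buf)
{
    memset(buf, 0, BUF_SZ);
    strcpy(buf, "stale-secret-from-earlier-call");
}

int main(void)
{
    char buf[BUF_SZ];
    fill_stale(buf);
    char *leaky = format_from_flawed(buf, NULL, "user@example.org");
    fill_stale(buf);
    char *clean = format_from_fixed(buf, NULL, "user@example.org");
    printf("flawed From: %s\nfixed  From: %s\n", leaky, clean);
    free(leaky);
    free(clean);
    return 0;
}
```

Building real code with `-Wmaybe-uninitialized` or running it under MemorySanitizer or Valgrind is a practical way to catch this pattern when the buffer is a true local.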

