Bug#573877: gmime2.4: CVE-2010-0409: buffer overflow can lead to DoS or arbitrary code execution
Emilio Pozuelo Monfort
pochu at debian.org
Sun Mar 14 17:06:52 UTC 2010
Justification: user security hole
Buffer overflow in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodings.h
in GMime before 2.4.15 allows context-dependent attackers to cause a denial
of service (application crash) or possibly execute arbitrary code via input
data for a uuencode operation.
gmime 2.4.15 fixes it.
Stable is not affected as gmime2.4 doesn't exist there, and there's #568291
for gmime2.2 (which exists in stable).
More information about the pkg-gnome-maintainers