[Secure-testing-team] Bug#568291: possible buffer overflows
Steffen Joeris
steffen.joeris at skolelinux.de
Wed Feb 3 17:12:45 UTC 2010
Package: libgmime-2.0-2a
Severity: grave
Tags: security patch

Hi

GMime upstream has released the latest 2.4.15 [1] version of the
library, fixing one security issue. From the 2.4.15-changes [2] file:

  2010-01-31 Jeffrey Stedfast <fejj at novell.com>

    * gmime/gmime-encodings.h (GMIME_UUENCODE_LEN): Fixed to prevent
    possible buffer overflows.

The vulnerable code seems to be in gmime/gmime-utils.h. I've attached
upstream's patch for your convenience, but I did not have a deeper look
at the buffer sizes, so it is unchecked.

stable is also affected and would need to be fixed as well, I guess.
Please contact the security team (team at security.debian.org) if you've
checked the patch and have packages ready for lenny.

Thanks in advance.

Cheers
Steffen

References:
[1] http://ftp.gnome.org/pub/GNOME/sources/gmime/2.4/
[2] http://ftp.gnome.org/pub/GNOME/sources/gmime/2.4/gmime-2.4.15.changes
[3] http://ftp.gnome.org/pub/GNOME/sources/gmime/2.4/gmime-2.4.14-2.4.15.diff.gz
[4] http://secunia.com/advisories/38459/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gmime.patch
Type: text/x-diff
Size: 2224 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20100203/58b337f7/attachment.patch>