Mailinglist Archive: opensuse-bugs (4251 mails)

< Previous Next >
[Bug 1038061] New: VUL-1: CVE-2017-8825: libetpan: NULL dereference vulnerability
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Mon, 08 May 2017 14:19:21 +0000
  • Message-id: <bug-1038061-21960@http.bugzilla.suse.com/>
http://bugzilla.suse.com/show_bug.cgi?id=1038061


Bug ID: 1038061
Summary: VUL-1: CVE-2017-8825: libetpan: NULL dereference
vulnerability
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@xxxxxxx
Reporter: mikhail.kasimov@xxxxxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

Ref: http://seclists.org/oss-sec/2017/q2/225
============================================
A NULL dereference vulnerability has been found in the MIME handling
code of LibEtPan, a C language mail access and handling library that
is used in a number of MUAs.

Versions 1.7.2 and earlier are affected.

This bug has been assigned CVE-2017-8825.

Hoa Viet Dinh, the author of the library, has released LibEtPan 1.8,
which fixes the bug. It may be found at:

[1] https://github.com/dinhviethoa/libetpan/releases

[2] See:
https://github.com/dinhviethoa/libetpan/issues/274
for details on the vulnerability.

Upstream users that wish to patch only this particular problem may
find the fix at:

[3]
https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b49c16c1f22d

Thanks to Ryan Whitworth for uncovering this problem with
American Fuzzy Lop.


--
Perry E. Metzger perry () piermont com
============================================

(open-)SUSE: https://software.opensuse.org/package/libetpan

1.6 (TW, 42.{1,2}, official repo)

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >