http://bugzilla.suse.com/show_bug.cgi?id=1038061 Bug ID: 1038061 Summary: VUL-1: CVE-2017-8825: libetpan: NULL dereference vulnerability Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: mikhail.kasimov@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Ref: http://seclists.org/oss-sec/2017/q2/225 ============================================ A NULL dereference vulnerability has been found in the MIME handling code of LibEtPan, a C language mail access and handling library that is used in a number of MUAs. Versions 1.7.2 and earlier are affected. This bug has been assigned CVE-2017-8825. Hoa Viet Dinh, the author of the library, has released LibEtPan 1.8, which fixes the bug. It may be found at: [1] https://github.com/dinhviethoa/libetpan/releases [2] See: https://github.com/dinhviethoa/libetpan/issues/274 for details on the vulnerability. Upstream users that wish to patch only this particular problem may find the fix at: [3] https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b... Thanks to Ryan Whitworth for uncovering this problem with American Fuzzy Lop. -- Perry E. Metzger perry () piermont com ============================================ (open-)SUSE: https://software.opensuse.org/package/libetpan 1.6 (TW, 42.{1,2}, official repo) -- You are receiving this mail because: You are on the CC list for the bug.