Package: sylpheed Severity: grave Tags: security Justification: user security hole
A remotely exploitable buffer overflow was found in Sylpheed. Quoting from the web site: | Since a security hole was discovered, the fixed versions were released. | All users are recommended to upgrade. | | There was a bug that caused buffer overflow in the LDIF import routine | of the addressbook. This bug exists in every version since 0.6.4. It | only affects when the LDIF import feature is used. This has been fixed in 2.0.4 and 2.1.6. Stable and oldstable should be affected as well, if the LDIF import feature is available in the Debian package. Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14-1-686 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]