Package: sylpheed
Severity: grave
Tags: security
Justification: user security hole

A remotely exploitable buffer overflow was found in Sylpheed. Quoting
from the web site:

| Since a security hole was discovered, the fixed versions were released.
| All users are recommended to upgrade.
| 
| There was a bug that caused buffer overflow in the LDIF import routine
| of the addressbook. This bug exists in every version since 0.6.4. It
| only affects when the LDIF import feature is used.

This has been fixed in 2.0.4 and 2.1.6. Stable and oldstable should be
affected as well, if the LDIF import feature is available in the Debian
package.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-1-686
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

