*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: ssmtp
The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain
configurations, uses uninitialized memory for the From: field of an
e-mail message, which might allow remote attackers to obtain sensitive
information (memory contents) in opportunistic circumstances by reading
a message.
This fix was already applied in Debian.
** Affects: ssmtp (Ubuntu)
Importance: Undecided
Status: New
** Affects: ssmtp (Debian)
Importance: Unknown
Status: Unknown
** Visibility changed to: Public
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-3962
** Bug watch added: Debian Bug tracker #498366
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498366
** Also affects: ssmtp (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498366
Importance: Unknown
Status: Unknown
--
[CVE-2008-3962] allow remote attackers to obtain sensitive information
https://bugs.launchpad.net/bugs/278978
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
