Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 28 Apr 2014 10:31:12 +0200
From: Yves-Alexis Perez <>
Subject: CVE-2014-0469: xbuffy stack-based buffer overflow in subject


just to let the list know that a Debian (and derivatives, like Ubuntu)
specific vulnerability was found and fixed in xbuffy (a program to
monitor mailboxes and newsgroups and show a mail count).

The vulnerability was a stack-based buffer overflow, which could be
triggered by a remote attacker sending a carefully crafted mail.

It was introduced by a Debian-specific patch, and the software looks
dead upstream, so we issued CVE-2014-0469 from our pool.

The fix is only available in unstable [1] now, but stable and oldstable
should follow soon.


Yves-Alexis Perez

Download attachment "signature.asc" of type "application/pgp-signature" (491 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ