[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 8 May 2017 09:00:05 -0400
From: "Perry E. Metzger" <perry@...rmont.com>
To: <oss-security@...ts.openwall.com>
Subject: libetpan: NULL dereference vulnerability
A NULL dereference vulnerability has been found in the MIME handling
code of LibEtPan, a C language mail access and handling library that
is used in a number of MUAs.
Versions 1.7.2 and earlier are affected.
This bug has been assigned CVE-2017-8825.
Hoa Viet Dinh, the author of the library, has released LibEtPan 1.8,
which fixes the bug. It may be found at:
https://github.com/dinhviethoa/libetpan/releases
See:
https://github.com/dinhviethoa/libetpan/issues/274
for details on the vulnerability.
Upstream users that wish to patch only this particular problem may
find the fix at:
https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b49c16c1f22d
Thanks to Ryan Whitworth for uncovering this problem with
American Fuzzy Lop.
--
Perry E. Metzger perry@...rmont.com
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
