Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 8 May 2017 09:00:05 -0400
From: "Perry E. Metzger" <>
To: <>
Subject: libetpan: NULL dereference vulnerability

A NULL dereference vulnerability has been found in the MIME handling
code of LibEtPan, a C language mail access and handling library that
is used in a number of MUAs.

Versions 1.7.2 and earlier are affected.

This bug has been assigned CVE-2017-8825.

Hoa Viet Dinh, the author of the library, has released LibEtPan 1.8,
which fixes the bug. It may be found at:

for details on the vulnerability.

Upstream users that wish to patch only this particular problem may
find the fix at:

Thanks to Ryan Whitworth for uncovering this problem with
American Fuzzy Lop.

Perry E. Metzger

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ