Date: Mon, 8 May 2017 09:00:05 -0400 From: "Perry E. Metzger" <perry@...rmont.com> To: <oss-security@...ts.openwall.com> Subject: libetpan: NULL dereference vulnerability A NULL dereference vulnerability has been found in the MIME handling code of LibEtPan, a C language mail access and handling library that is used in a number of MUAs. Versions 1.7.2 and earlier are affected. This bug has been assigned CVE-2017-8825. Hoa Viet Dinh, the author of the library, has released LibEtPan 1.8, which fixes the bug. It may be found at: https://github.com/dinhviethoa/libetpan/releases See: https://github.com/dinhviethoa/libetpan/issues/274 for details on the vulnerability. Upstream users that wish to patch only this particular problem may find the fix at: https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b49c16c1f22d Thanks to Ryan Whitworth for uncovering this problem with American Fuzzy Lop. -- Perry E. Metzger perry@...rmont.com
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ