Date: Mon, 8 May 2017 09:00:05 -0400 From: "Perry E. Metzger" <perry@...rmont.com> To: <oss-security@...ts.openwall.com> Subject: libetpan: NULL dereference vulnerability A NULL dereference vulnerability has been found in the MIME handling code of LibEtPan, a C language mail access and handling library that is used in a number of MUAs. Versions 1.7.2 and earlier are affected. This bug has been assigned CVE-2017-8825. Hoa Viet Dinh, the author of the library, has released LibEtPan 1.8, which fixes the bug. It may be found at: https://github.com/dinhviethoa/libetpan/releases See: https://github.com/dinhviethoa/libetpan/issues/274 for details on the vulnerability. Upstream users that wish to patch only this particular problem may find the fix at: https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b49c16c1f22d Thanks to Ryan Whitworth for uncovering this problem with American Fuzzy Lop. -- Perry E. Metzger perry@...rmont.com
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.