Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 8 May 2017 09:00:05 -0400
From: "Perry E. Metzger" <perry@...rmont.com>
To: <oss-security@...ts.openwall.com>
Subject: libetpan: NULL dereference vulnerability

A NULL dereference vulnerability has been found in the MIME handling
code of LibEtPan, a C language mail access and handling library that
is used in a number of MUAs.

Versions 1.7.2 and earlier are affected.

This bug has been assigned CVE-2017-8825.

Hoa Viet Dinh, the author of the library, has released LibEtPan 1.8,
which fixes the bug. It may be found at:

https://github.com/dinhviethoa/libetpan/releases

See:
https://github.com/dinhviethoa/libetpan/issues/274
for details on the vulnerability.

Upstream users that wish to patch only this particular problem may
find the fix at:

https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b49c16c1f22d

Thanks to Ryan Whitworth for uncovering this problem with
American Fuzzy Lop.


-- 
Perry E. Metzger		perry@...rmont.com

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.