lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20140312154401.GA3072@pisco.westfalen.local>
Date: Wed, 12 Mar 2014 16:44:02 +0100
From: Moritz Muehlenhoff <jmm@...ian.org>
To: debian-security-announce@...ts.debian.org
Subject: [SECURITY] [DSA 2874-1] mutt security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2874-1                   security@...ian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
March 12, 2014                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : mutt
CVE ID         : CVE-2014-0467
Debian Bug     : 708731

Beatrice Torracca and Evgeni Golov discovered a buffer overflow in the
mutt mailreader. Malformed RFC2047 header lines could result in denial
of service or potentially the execution of arbitrary code.

For the oldstable distribution (squeeze), this problem has been fixed in
version 1.5.20-9+squeeze3.

For the stable distribution (wheezy), this problem has been fixed in
version 1.5.21-6.2+deb7u2.

For the unstable distribution (sid), this problem has been fixed in
version 1.5.22-2.

We recommend that you upgrade your mutt packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJTIIBQAAoJEBDCk7bDfE42lGQP+wXTo5lcib+GNUh4hkE4FMi7
BpB/RhIx5EfS8f3vUvGxQInn+usA61H17sBKLaMkpgT+4jksNbLo8n6IIt3uDik9
GyVE8tEsPXEJQ/qqurVBU7qEbrFbi1azRv0yQVcWdFA5K+1kFVzkejOFFKOxFxXI
U7Wuix91hx+36dQm2gjY6/WjZtQ/ccyjAzxCeE2DX2SJGNLnmAPSaxuotUN+UWCn
5Ybin/arUglttiMXhfv12vHoibSKghShWE6r16NyoQRRcKePv8o6OnLKEyu8Vh8L
oBd3MghG891kP9n3aFnj2lCAjwExx0d4AzL5CGmiAg1UoJUPGQRB6omR9+pOYpCB
xsu3+zooh2/rq4M3cKg9e9FM5hyKF4JpwrQKOT55SXnnjviN7oFgi6mdSPPZGn4S
uMcXA1mMRzJ1IdSlDskQ+w12sLrrP61C90ecsRJ9hDyI9Zjj5LPXlLUk0P6HeAvY
hItFG9DqPVaSTbFTn2MyGeY455PCNstVciejaJDuI2pB1GEFcwtzXt6jQHYtd1Mb
v2/PNaqjGiVcz6g58RdPiIUIrV71X+YEHiU8tjxvd8/tUGNmDriOKefcH+T4Ey6k
51BgyXH6gRbiow6XD45fcKEkxeewiV4YLnlSZn2McaGwGFplttQPTTRdUns3fbqx
IkrdpnS3ekH3bMpFijcg
=bmJF
-----END PGP SIGNATURE-----



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ