package sylpheed reassign 338434 sylpheed-gtk1 thanks On Thu, 10 Nov 2005 10:13:03 +0100 Moritz Muehlenhoff <[EMAIL PROTECTED]> wrote:
> Package: sylpheed > Severity: grave > Tags: security > Justification: user security hole > > A remotely exploitable buffer overflow was found in Sylpheed. Quoting > from the web site: > > | Since a security hole was discovered, the fixed versions were released. > | All users are recommended to upgrade. > | > | There was a bug that caused buffer overflow in the LDIF import routine > | of the addressbook. This bug exists in every version since 0.6.4. It > | only affects when the LDIF import feature is used. > > This has been fixed in 2.0.4 and 2.1.6. Stable and oldstable should be > affected as well, if the LDIF import feature is available in the Debian > package. Both 2.0.4 and 2.1.6 are now available in sid and experimental, so I'm reasiging this bug to sylpheed-gtk1 now, until 1.0.6 (which fixes the bug for it) is available in the archive. Thanks for reporting, -- Ricardo Mones ~ You have the capacity to learn from mistakes. You'll learn a lot today. /usr/games/fortune -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
