Published in the -security pocket now.
** Changed in: ssmtp (Ubuntu)
Assignee: (unassigned) => Nicolas Valcárcel (nxvl) (nvalcarcel)
Status: Incomplete => Fix Released
--
ssmtp dies with standardise() -- Buffer overflow
https://bugs.launchpad.net/bugs/282424
You received this bug not
The fix for http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498366 does
not address this bug.
** Changed in: ssmtp (Ubuntu)
Status: Fix Released => Incomplete
--
ssmtp dies with standardise() -- Buffer overflow
https://bugs.launchpad.net/bugs/282424
You received this bug notification bec
This bug was fixed in the package ssmtp - 2.62-1ubuntu3
---
ssmtp (2.62-1ubuntu3) intrepid; urgency=low
* SECURITY UPDATE: allow remote attackers to obtain sensitive
information (LP: #278978)
* debian/patches/02-CVE-2008-3962: adjust in ssmtp.c to fix
unitialized memory di
** Attachment added: "Verification"
http://launchpadlibrarian.net/18474878/test_case.003
--
ssmtp dies with standardise() -- Buffer overflow
https://bugs.launchpad.net/bugs/282424
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
u
** Attachment added: "Demonstrate that a buffer passed into standardise() which
begins with a period and is BUF_SZ - 1 bytes in length will die()"
http://launchpadlibrarian.net/18474874/test_case.002
--
ssmtp dies with standardise() -- Buffer overflow
https://bugs.launchpad.net/bugs/282424
Y
I mislabaled test_cast.001. The correct description should be:
Demonstrate that a line which is BUZ_SZ - 1 in length (not counting \n)
beginning with a period will die().
--
ssmtp dies with standardise() -- Buffer overflow
https://bugs.launchpad.net/bugs/282424
You received this bug notificatio
** Attachment added: "Demonstrate that a buffer passed into standardise() which
begins with a period and is BUF_SZ - 1 bytes in length will die()"
http://launchpadlibrarian.net/18474661/test_case.001
--
ssmtp dies with standardise() -- Buffer overflow
https://bugs.launchpad.net/bugs/282424
Y
