MGASA-2012-0318
| Date: | October 30th, 2012 |
| Affected releases: | 1, 2 |
Description:
Updated claws-mail packages fix security vulnerability:
The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1
and earlier allows remote attackers to cause a denial of service (NULL
pointer dereference and crash) via a crafted email (CVE-2012-4507).
Updated Packages:
Mageia 1:
claws-mail-3.7.8-2.1.mga1
claws-mail-bogofilter-plugin-3.7.8-2.1.mga1
claws-mail-devel-3.7.8-2.1.mga1
claws-mail-dillo_viewer-plugin-3.7.8-2.1.mga1
claws-mail-pgpcore-plugin-3.7.8-2.1.mga1
claws-mail-pgpinline-plugin-3.7.8-2.1.mga1
claws-mail-pgpmime-plugin-3.7.8-2.1.mga1
claws-mail-smime-plugin-3.7.8-2.1.mga1
claws-mail-spamassassin-plugin-3.7.8-2.1.mga1
claws-mail-trayicon-plugin-3.7.8-2.1.mga1
Mageia 2:
claws-mail-3.8.1-1.mga2
claws-mail-bogofilter-plugin-3.8.1-1.mga2
claws-mail-devel-3.8.1-1.mga2
claws-mail-dillo_viewer-plugin-3.8.1-1.mga2
claws-mail-pgpcore-plugin-3.8.1-1.mga2
claws-mail-pgpinline-plugin-3.8.1-1.mga2
claws-mail-pgpmime-plugin-3.8.1-1.mga2
claws-mail-smime-plugin-3.8.1-1.mga2
claws-mail-spamassassin-plugin-3.8.1-1.mga2
claws-mail-trayicon-plugin-3.8.1-1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4507
http://lists.opensuse.org/opensuse-updates/2012-10/msg00064.html
https://bugs.mageia.org/show_bug.cgi?id=7886
