Package : claws-mail Version : 3.7.6-4+squeeze2 CVE ID : CVE-2015-8614 CVE-2015-8708 "DrWhax" of the Tails project reported that Claws Mail is missing range checks in some text conversion functions. A remote attacker could exploit this to run arbitrary code under the account of a user that receives a message from them using Claws Mail. CVE-2015-8614 There were no checks on the output length for conversions between JIS (ISO-2022-JP) and EUC-JP, between JIS and UTF-8, and from Shift_JIS to EUC-JP. CVE-2015-8708 The original fix for CVE-2015-8614 was incomplete. For the oldoldstable distribution (squeeze), these problems have been fixed in version 3.7.6-4+squeeze2. For the oldstable distribution (wheezy) and the stable distribution (jessie), this will be fixed soon. These versions were built with hardening features that make this issue harder to exploit. -- Ben Hutchings - Debian developer, member of Linux kernel and LTS teams
Attachment:
signature.asc
Description: This is a digitally signed message part