
Re: squeeze update of claws-mail?



On Wed, 2015-12-30 at 11:18 +0100, Ricardo Mones wrote:
> Hi Ben et al,
> 
> On Wed, Dec 30, 2015 at 01:48:47AM +0000, Ben Hutchings wrote:
> > Hello dear maintainer(s),
> > 
> > the Debian LTS team would like to fix the security issues which are
> > currently open in the Squeeze version of claws-mail:
> > https://security-tracker.debian.org/tracker/CVE-2015-8614
> 
> AFAICS that CVE is missing at least two more affected packages in
> squeeze: libsylph¹ and sylpheed², which unfortunately contains an
> embedded code copy (ECC) of the former.
> 
> Both are still affected on current sid versions³⁴ and upstream⁵, not
> sure whether that fact should be reflected on the same CVE. 
[...]

I decided they were unaffected, because the corresponding functions
allocate their own output buffer based on the input length.

Ben.

-- 
Ben Hutchings - Debian developer, member of Linux kernel and LTS teams
