January 2, 2002

Debian Security: DSA-096 mutt: buffer overflow

Author: JT Smith

Debian: "Joost Pol found a buffer overflow in the address handling code of mutt (a popular mail user agent). Even though this is a one byte overflow this is exploitable."

Date Reported: 02 Jan 2002Affected Packages: muttVulnerable: YesMore information:
Joost Pol found a buffer overflow in the address handling code of
mutt (a popular mail user agent). Even though this is a one byte
overflow this is exploitable.

This has been fixed upstream in version 1.2.5.1 and 1.3.25. The
relevant patch has been added to version 1.2.5-5 of the Debian
package.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Source:
http://security.debian.org/dists/stable/updates/main/source/mutt_1.2.5-5.diff.gz
http://security.debian.org/dists/stable/updates/main/source/mutt_1.2.5-5.dsc
http://security.debian.org/dists/stable/updates/main/source/mutt_1.2.5.orig.tar.gz
Alpha:
http://security.debian.org/dists/stable/updates/main/binary-alpha/mutt_1.2.5-5_alpha.deb
ARM:
http://security.debian.org/dists/stable/updates/main/binary-arm/mutt_1.2.5-5_arm.deb
Intel IA-32:
http://security.debian.org/dists/stable/updates/main/binary-i386/mutt_1.2.5-5_i386.deb
Motorola 680x0:
http://security.debian.org/dists/stable/updates/main/binary-m68k/mutt_1.2.5-5_m68k.deb
PowerPC:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/mutt_1.2.5-5_powerpc.deb

MD5 checksums of the listed files are available in the original advisory.


See the Debian contact page for information on contacting us.

Last Modified: Wed, Jan 2 18:23:35 UTC 2002

Copyright © 2002
SPI; See license terms

Category:

  • Linux
Click Here!