Advisories ยป MGASA-2016-0008

Updated claws-mail packages fix security vulnerability

Publication date: 12 Jan 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8614

Description

no bounds checking on the output buffer in conv_jistoeuc, conv_euctojis,
conv_sjistoeuc

A Tails contributor found a vulnerability in claws-mail where in
codeconv.c a function for japanese character set conversion called
conv_jistoeuc() has no bounds checking on the output buffer which is
created on the stack with alloca() (CVE-2015-8614).
                

References

SRPMS

5/core