Advisories ยป MGASA-2016-0067

Updated claws-mail packages fix CVE-2015-8708

Publication date: 17 Feb 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8708


Updated claws-mail fix security vulnerabilities

A stack-based buffer overflow has been found in conv_euctojis() after applying 
incomplete patch for CVE-2015-8614. In conv_euctojis() the comparison is with 
outlen - 3, but each pass through the loop uses up to 5 bytes and the rest of 
the function may add another 4 bytes. The comparison should presumably be
'<= outlen - 9' or equivalently '< outlen - 8'. (CVE-2015-8708)