Advisories » MGASA-2020-0391

Updated claw-mail packages fix a security vulnerability

Publication date: 21 Oct 2020
Modification date: 21 Oct 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-16094

Description

In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP
server can trigger stack consumption because of unlimited recursion into
subdirectories during a rebuild of the folder tree (CVE-2020-16094).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=27427
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JUBLHUG2UCXVABAGN5FVTD3AB3YKE5NN/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16094

SRPMS

7/core

• claws-mail-3.17.7-1.mga7