oss-sec mailing list archives

CVE Request -- GMime-2.4.15

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 03 Feb 2010 17:46:40 +0100

Hi Josh, Steve, vendors,

  GMime upstream has released latest 2.4.15 [1] version of the
library fixing one security issue. From 2.4.15-changes [2] file:

2010-01-31  Jeffrey Stedfast  <fejj () novell com>

        * gmime/gmime-encodings.h (GMIME_UUENCODE_LEN): Fixed to prevent
        possible buffer overflows.

References:

[1] http://ftp.gnome.org/pub/GNOME/sources/gmime/2.4/
[2] http://ftp.gnome.org/pub/GNOME/sources/gmime/2.4/gmime-2.4.15.changes
[3] http://ftp.gnome.org/pub/GNOME/sources/gmime/2.4/gmime-2.4.14-2.4.15.diff.gz
[4] http://secunia.com/advisories/38459/

Could you allocate a CVE id for this?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Current thread:

CVE Request -- GMime-2.4.15 Jan Lieskovsky (Feb 03)
- Re: CVE Request -- GMime-2.4.15 Josh Bressers (Feb 03)