Branch t7 update bulletin.

Package claws-mail updated to version 3.13.1-alt2.M70P.1 for branch t7 in task 156121.

Published: 2016-04-11
Modified: 2025-04-12

CVE-2015-8708

Stack-based buffer overflow in the conv_euctojis function in codeconv.c in Claws Mail 3.13.1 allows remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8614.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: HIGH (7.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References:

Package dhcpcd updated to version 5.6.8-alt2.M70P.1 for branch t7 in task 156189.

Published: 2014-09-04
Modified: 2025-04-12

CVE-2014-6060

The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again.

Severity: LOW (3.3) Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P

References:

Version: 2.1.2

Branch t7 update on 2016-01-21

ALT-BU-2016-2550-1

ALT-PU-2016-1036-1

Closed vulnerabilities

CVE-2015-8708

ALT-PU-2016-1041-1

Closed vulnerabilities

CVE-2014-6060