Branch p7 update bulletin.

Package claws-mail updated to version 3.14.0-alt0.M70P.1 for branch p7 in task 168912.

Published: 2016-04-12
Modified: 2024-11-21

CVE-2015-8708

Stack-based buffer overflow in the conv_euctojis function in codeconv.c in Claws Mail 3.13.1 allows remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8614.

Severity: HIGH (7.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References:

[oss-security] 20151231 Re: mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed?
[oss-security] 20151231 Re: mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed?
GLSA-201606-11
GLSA-201606-11

Version: 2.1.0

Branch p7 update on 2016-08-30

ALT-BU-2016-2958-1

ALT-PU-2016-1903-1

Closed vulnerabilities

CVE-2015-8708