Lucene search

DebianDEBIAN:DSA-3452-1:E2260

HistoryJan 23, 2016 - 6:30 a.m.

[SECURITY] [DSA 3452-1] claws-mail security update

2016-01-2306:30:58

lists.debian.org

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.2 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.2%

JSON

Debian Security Advisory DSA-3452-1 [email protected]
https://www.debian.org/security/ Ben Hutchings
January 23, 2016 https://www.debian.org/security/faq

Package : claws-mail
CVE ID : CVE-2015-8614

"DrWhax" of the Tails project reported that Claws Mail is missing
range checks in some text conversion functions. A remote attacker
could exploit this to run arbitrary code under the account of a user
that receives a message from them using Claws Mail.

For the oldstable distribution (wheezy), this problem has been fixed
in version 3.8.1-2+deb7u1.

For the stable distribution (jessie), this problem has been fixed in
version 3.11.1-3+deb8u1.

We recommend that you upgrade your claws-mail packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7i386claws-mail-bogofilter< 3.8.1-2+deb7u1claws-mail-bogofilter_3.8.1-2+deb7u1_i386.deb
Debian8allclaws-mail-tools< 3.11.1-3+deb8u1claws-mail-tools_3.11.1-3+deb8u1_all.deb
Debian8amd64claws-mail-pdf-viewer< 3.11.1-3+deb8u1claws-mail-pdf-viewer_3.11.1-3+deb8u1_amd64.deb
Debian8kfreebsd-i386claws-mail-tnef-parser< 3.11.1-3+deb8u1claws-mail-tnef-parser_3.11.1-3+deb8u1_kfreebsd-i386.deb
Debian8mipselclaws-mail-vcalendar-plugin< 3.11.1-3+deb8u1claws-mail-vcalendar-plugin_3.11.1-3+deb8u1_mipsel.deb
Debian8armelclaws-mail-perl-filter< 3.11.1-3+deb8u1claws-mail-perl-filter_3.11.1-3+deb8u1_armel.deb
Debian8allclaws-mail< 3.11.1-3+deb8u1claws-mail_3.11.1-3+deb8u1_all.deb
Debian8ppc64elclaws-mail-feeds-reader< 3.11.1-3+deb8u1claws-mail-feeds-reader_3.11.1-3+deb8u1_ppc64el.deb
Debian8s390xclaws-mail-pgpmime< 3.11.1-3+deb8u1claws-mail-pgpmime_3.11.1-3+deb8u1_s390x.deb
Debian8armelclaws-mail-bogofilter< 3.11.1-3+deb8u1claws-mail-bogofilter_3.11.1-3+deb8u1_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	i386	claws-mail-bogofilter	< 3.8.1-2+deb7u1	claws-mail-bogofilter_3.8.1-2+deb7u1_i386.deb
Debian	8	all	claws-mail-tools	< 3.11.1-3+deb8u1	claws-mail-tools_3.11.1-3+deb8u1_all.deb
Debian	8	amd64	claws-mail-pdf-viewer	< 3.11.1-3+deb8u1	claws-mail-pdf-viewer_3.11.1-3+deb8u1_amd64.deb
Debian	8	kfreebsd-i386	claws-mail-tnef-parser	< 3.11.1-3+deb8u1	claws-mail-tnef-parser_3.11.1-3+deb8u1_kfreebsd-i386.deb
Debian	8	mipsel	claws-mail-vcalendar-plugin	< 3.11.1-3+deb8u1	claws-mail-vcalendar-plugin_3.11.1-3+deb8u1_mipsel.deb
Debian	8	armel	claws-mail-perl-filter	< 3.11.1-3+deb8u1	claws-mail-perl-filter_3.11.1-3+deb8u1_armel.deb
Debian	8	all	claws-mail	< 3.11.1-3+deb8u1	claws-mail_3.11.1-3+deb8u1_all.deb
Debian	8	ppc64el	claws-mail-feeds-reader	< 3.11.1-3+deb8u1	claws-mail-feeds-reader_3.11.1-3+deb8u1_ppc64el.deb
Debian	8	s390x	claws-mail-pgpmime	< 3.11.1-3+deb8u1	claws-mail-pgpmime_3.11.1-3+deb8u1_s390x.deb
Debian	8	armel	claws-mail-bogofilter	< 3.11.1-3+deb8u1	claws-mail-bogofilter_3.11.1-3+deb8u1_armel.deb