Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Daniel Ahlberg <aliz@g.o>
To: gentoo-announce@g.o
Subject: GLSA: balsa (200304-10)
Date: Wed, 30 Apr 2003 14:56:33
Message-Id: 20030430134023.DF4813367D@mail1.tamperd.net
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 - - - ---------------------------------------------------------------------
5 GENTOO LINUX SECURITY ANNOUNCEMENT 200304-10
6 - - - ---------------------------------------------------------------------
7
8 PACKAGE : balsa
9 SUMMARY : buffer overflow
10 DATE : 2003-04-30 13:40 UTC
11 EXPLOIT : remote
12 VERSIONS AFFECTED : <balsa-2.0.10
13 FIXED VERSION : >=balsa-2.0.10
14 CVE : CAN-2003-0140
15
16 - - - ---------------------------------------------------------------------
17
18 Balsa suffers from the same buffer overflow as mutt did:
19
20 http://marc.theaimsgroup.com/?l=bugtraq&m=104852190605988&w=2
21
22 SOLUTION
23
24 It is recommended that all Gentoo Linux users who are running
25 net-mail/balsa upgrade to balsa-2.0.10 as follows:
26
27 emerge sync
28 emerge balsa
29 emerge clean
30
31 - - - ---------------------------------------------------------------------
32 aliz@g.o - GnuPG key is available at http://cvs.gentoo.org/~aliz
33 - - - ---------------------------------------------------------------------
34 -----BEGIN PGP SIGNATURE-----
35 Version: GnuPG v1.2.1 (GNU/Linux)
36
37 iD8DBQE+r9JFfT7nyhUpoZMRAsdKAJ9I0a0slAseBKANge+YWNEVSQ1d3wCdHwOv
38 9Sk4vDxSc0dZ7zQqpSRIJYo=
39 =JBzV
40 -----END PGP SIGNATURE-----
Report Message
Find on MARC Find on Google Groups