Bug 152156

Summary: (sylpheed) Security update 1.0.4 available
Product: [Fedora] Fedora Reporter: Rob van Nieuwkerk <robn>
Component: sylpheedAssignee: Akira TAGOH <tagoh>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 3CC: wtogami
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 1.0.4-0.fc3 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-03-30 02:56:07 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Rob van Nieuwkerk 2005-03-25 13:55:43 UTC 
From Bugzilla Helper:
User-Agent: Opera/7.54 (X11; Linux i686; U)  [en]

Description of problem:
From the sylpheed home-page: http://sylpheed.good-day.net/ :

"A newly found buffer overflow was fixed at 1.0.4. This problem exists
from 0.8.0 to 1.0.3, and from 1.9.0 to 1.9.4, so be sure to upgrade."

Version-Release number of selected component (if applicable):
sylpheed-1.0.3-0.FC3

How reproducible:
Didn't try

Steps to Reproduce:
1. don't know
2.
3.
  

Additional info:
Comment 1 Warren Togami 2005-03-27 22:37:16 UTC 
http://people.redhat.com/wtogami/temp/sylpheed-1.0.4-0.fc2.i386.rpm
http://people.redhat.com/wtogami/temp/sylpheed-1.0.4-0.fc3.i386.rpm
Please test these binaries and report back.
Comment 2 Akira TAGOH 2005-03-28 08:56:06 UTC 
Well, 1.0.4 works fine as usual. However, though I've tried something against a
diff file from the previous release, I couldn't find any way to reproduce this
buffer overflow. the fixed code looks good at least. so we can push it for the
update package anyway.
Comment 3 Akira TAGOH 2005-03-30 02:56:07 UTC 
The updated packages are now available. closing.