Bug 49470 (CVE-2004-0078) - VUL-0: CVE-2004-0078: bufferoverflow in mutt
Summary: VUL-0: CVE-2004-0078: bufferoverflow in mutt
Status: RESOLVED FIXED
Alias: CVE-2004-0078
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: All Linux
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2004-0078: CVSS v2 Base Score: 7....
Keywords:
Depends on:
Blocks:
 
Reported: 2004-02-12 00:33 UTC by Roman Drahtmueller
Modified: 2021-10-04 08:29 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mads Martin Joergensen 2004-02-12 00:33:11 UTC 
* Thomas Roessler <roessler@does-not-exist.org> [Feb 11. 2004 16:05]:
> Mutt-1.4.2 has just been released; this version fixes a buffer
> overflow that can be triggered by incoming messages.  There are
> reports about spam that has actually triggered this problem and
> crashed mutt.
>
> It is recommended that users of mutt versions prior to 1.4.2 upgrade
> to this version, or apply the patch included below.
>
> Users of "unstable" mutt versions after 1.3.28 (including 1.5.*) do
> not need to upgrade, as this problem had been fixed in the unstable
> branch in February 2002; unfortunately, the fix was not backported
> before 1.4 was released.

I've submitted fixed packages for 8.1, 8.2 and 9.0 which carry the affected
version.
Comment 1 Mads Martin Joergensen 2004-02-12 00:33:11 UTC 
<!-- SBZ_reproduce  -->
See description
Comment 2 Mads Martin Joergensen 2004-02-12 00:33:38 UTC 
And also patchinfos are submitted
Comment 3 Roman Drahtmueller 2004-02-12 01:03:48 UTC 
<!-- SBZ_reopen -->Reopened by draht@suse.de at Wed Feb 11 18:03:48 2004, took initial reporter mmj@suse.de to cc
Comment 4 Roman Drahtmueller 2004-02-12 01:03:48 UTC 
That doesn't make this bug fixed. Re-Opening...
Comment 5 Roman Drahtmueller 2004-02-12 01:04:14 UTC 
...and re-assigning.
Comment 6 Thomas Biege 2004-02-12 01:09:51 UTC 
What is wrong with the fixed package, Roman?
Comment 7 Roman Drahtmueller 2004-02-12 01:25:21 UTC 
Oh, the package is fine, but for as long as the packages are not out, we
shouldn't close the bug yet. :-)
Comment 8 Thomas Biege 2004-02-12 18:24:46 UTC 
*oompf* Now I get it....
Comment 9 Thomas Biege 2004-02-12 18:33:41 UTC 
laufzettel submitted
Comment 10 Thomas Biege 2004-02-23 22:28:01 UTC 
packages approved.
Comment 11 Marcus Meissner 2007-11-12 10:45:40 UTC 
CVE-2004-0078
Comment 12 Thomas Biege 2009-10-13 20:14:50 UTC 
CVE-2004-0078: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)