Ubuntu
ssmtp package

  1. Bug #282424
  2. Comment #5

Comment 5 for bug 282424

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ssmtp - 2.62-1ubuntu3

---------------
ssmtp (2.62-1ubuntu3) intrepid; urgency=low

  * SECURITY UPDATE: allow remote attackers to obtain sensitive
    information (LP: #278978)
  * debian/patches/02-CVE-2008-3962: adjust in ssmtp.c to fix
    unitialized memory disclosure.
  * SECURITY UPDATE: Buffer overflow (LP: #282424)
  * debian/patches/03_fix_buffer_overflow: adjust ssmtp.c to fix
    a buffer overflow with using 2 bytes in length instead of one in buffer.
  * References:
    CVE-2008-3962
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498366

 -- Stefan Ebner <email address hidden> Tue, 07 Oct 2008 16:22:39 +0200