Debian Security Advisory
DSA-096-2 mutt -- buffer overflow
- Date Reported:
- 03 Jan 2002
- Affected Packages:
- mutt
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2002-0001.
- More information:
-
Joost Pol found a buffer overflow in the address handling code of
mutt (a popular mail user agent). Although the overflow is only one
byte, it is exploitable.
This has been fixed upstream in versions 1.2.5.1 and 1.3.25. The relevant patch has been added to version 1.2.5-5 of the Debian package.
- Fixed in:
-
Debian GNU/Linux 2.2 (potato)
- Source:
- http://security.debian.org/dists/stable/updates/main/source/mutt_1.2.5-5.diff.gz
- http://security.debian.org/dists/stable/updates/main/source/mutt_1.2.5-5.dsc
- http://security.debian.org/dists/stable/updates/main/source/mutt_1.2.5.orig.tar.gz
- Alpha:
- http://security.debian.org/dists/stable/updates/main/binary-alpha/mutt_1.2.5-5_alpha.deb
- ARM:
- http://security.debian.org/dists/stable/updates/main/binary-arm/mutt_1.2.5-5_arm.deb
- Intel IA-32:
- http://security.debian.org/dists/stable/updates/main/binary-i386/mutt_1.2.5-5_i386.deb
- Motorola 680x0:
- http://security.debian.org/dists/stable/updates/main/binary-m68k/mutt_1.2.5-5_m68k.deb
- PowerPC:
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/mutt_1.2.5-5_powerpc.deb
- SPARC:
- http://security.debian.org/dists/stable/updates/main/binary-sparc/mutt_1.2.5-5_sparc.deb
MD5 checksums of the listed files are available in the original advisory. (DSA-096-2)