[Bug 216591] Re: [CVE-2008-1648] denial of service via crafted Content-Type header
Launchpad Bug Tracker
216591 at bugs.launchpad.net
Sun Apr 20 02:28:08 BST 2008
This bug was fixed in the package sympa - 5.3.4-2ubuntu2
---------------
sympa (5.3.4-2ubuntu2) hardy; urgency=low
* SECURITY UPDATE: (LP: #216591)
+ fixed src/PlainDigest.pm inline
- Sympa before 5.4 allows remote attackers to cause a denial of
service (daemon crash) via an e-mail message with a malformed
value of the Content-Type header and unspecified other headers.
NOTE: some of these details are obtained from third party
information.
* References
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1648
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475163
-- Emanuele Gentili <emgent at emanuele-gentili.com> Mon, 14 Apr 2008
08:44:38 +0200
** Changed in: sympa (Ubuntu Hardy)
Status: In Progress => Fix Released
--
[CVE-2008-1648] denial of service via crafted Content-Type header
https://bugs.launchpad.net/bugs/216591
You received this bug notification because you are a member of Ubuntu
Sponsors for universe, which is a direct subscriber.
More information about the Ubuntu-universe-sponsors
mailing list