[Bug 216591] Re: [CVE-2008-1648] denial of service via crafted Content-Type header

Launchpad Bug Tracker 216591 at bugs.launchpad.net
Sun Apr 20 02:28:08 BST 2008

This bug was fixed in the package sympa - 5.3.4-2ubuntu2

sympa (5.3.4-2ubuntu2) hardy; urgency=low

  * SECURITY UPDATE: (LP: #216591)
   + fixed src/PlainDigest.pm inline
    - Sympa before 5.4 allows remote attackers to cause a denial of
      service (daemon crash) via an e-mail message with a malformed
      value of the Content-Type header and unspecified other headers.
      NOTE: some of these details are obtained from third party
  * References
   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1648
   + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475163

 -- Emanuele Gentili <emgent at emanuele-gentili.com>   Mon, 14 Apr 2008
08:44:38 +0200

** Changed in: sympa (Ubuntu Hardy)
       Status: In Progress => Fix Released

[CVE-2008-1648] denial of service via crafted Content-Type header
You received this bug notification because you are a member of Ubuntu
Sponsors for universe, which is a direct subscriber.

More information about the Ubuntu-universe-sponsors mailing list