[3.3] claws-mail: Stack overflow in conv_{jistoeuc,euctojis,sjistoeuc} (CVE-2015-8614)
Stack-based buffer overflow vulnerabilities were found in the
conv_jistoeuc, conv_euctojis and conv_sjistoeuc functions,
caused by missing bounds checking on the output buffer, which is created
on the stack with alloca().
Fixed In Version:
claws-mail 3.13.1
References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8614
Patch:
http://git.claws-mail.org/?p=claws.git;a=commit;h=d390fa07f5548f3173dd9cc13b233db5ce934c82
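The kind of output-buffer bounds check whose absence is described above, as an added example that is not claws-mail's code or its patch: a simplified EUC-JP to ISO-2022-JP converter (ASCII and JIS X 0208 only) in which every write is checked against the caller-supplied buffer length. The names `euc_to_jis_bounded`, `struct out` and `put` are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Added illustration, not claws-mail code; all names are hypothetical. */
/* Bounded output cursor: every write is checked against the end. */
struct out { char *p; char *end; };

static int put(struct out *o, const char *s, size_t n)
{
    if ((size_t)(o->end - o->p) < n + 1)   /* always keep room for the NUL */
        return -1;
    memcpy(o->p, s, n);
    o->p += n;
    return 0;
}

/* Simplified EUC-JP -> ISO-2022-JP: ASCII and JIS X 0208 only.
 * Returns bytes written (excluding NUL), or -1 if outbuf is too small
 * or the input is malformed. Never writes past outbuf[outlen - 1]. */
long euc_to_jis_bounded(char *outbuf, size_t outlen, const char *inbuf)
{
    const unsigned char *in = (const unsigned char *)inbuf;
    struct out o = { outbuf, outbuf + outlen };
    int kanji = 0;                          /* current shift state */

    if (outlen == 0) return -1;
    while (*in) {
        if (*in < 0x80) {                   /* ASCII byte */
            if (kanji && put(&o, "\033(B", 3) < 0) goto fail;
            kanji = 0;
            if (put(&o, (const char *)in, 1) < 0) goto fail;
            in += 1;
        } else if (*in >= 0xA1 && *in <= 0xFE && in[1] >= 0xA1 && in[1] <= 0xFE) {
            char pair[2] = { (char)(in[0] & 0x7F), (char)(in[1] & 0x7F) };
            if (!kanji && put(&o, "\033$B", 3) < 0) goto fail;
            kanji = 1;
            if (put(&o, pair, 2) < 0) goto fail;
            in += 2;
        } else {
            goto fail;                      /* truncated or unsupported sequence */
        }
    }
    if (kanji && put(&o, "\033(B", 3) < 0) goto fail;   /* return to ASCII */
    *o.p = '\0';
    return (long)(o.p - outbuf);
fail:
    outbuf[0] = '\0';
    return -1;
}
```

Escape sequences make the output longer than the input (a 4-byte input mixing ASCII and one kanji produces 10 bytes here), so sizing the buffer from the input length does not replace the per-write check.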
(from redmine: issue id 5658, created on 2016-05-31, closed on 2016-06-24)
- Relations:
- parent #5657 (closed)
- Changesets:
- Revision 713311c3 on 2016-06-23T13:57:55Z:
community/claws-mail: security upgrade to 3.13.1 (CVE-2015-8614). Fixes #5658