Univention Bugzilla – Bug 37238
procmail: Buffer overflow (ES 3.1)
Last modified: 2015-06-30 18:07:19 CEST
CVE-2014-3618 A heap-based buffer overflow in the formail tool of procmail allows the execution of arbitrary code when processing a malformed mail.
# repo_stat.py procmail
3.22-19 imported on 2011-01-08 06:45:20.711581 (auto import)
 Included in release tag 3.0-0-0 (31109) procmail_3.22-19.11.201104141333.dsc
3.22-19+deb6u1 imported on 2014-09-17 19:07:54.323331
 Included in scope errata3.2-3 for release tag 3.2-0-0 (68958) procmail_3.22-19.15.201409171908.dsc

# repo_admin.py -U -p procmail -d squeeze-lts -r 3.1-0-0 -s extsec3.1
repo_admin.py --cherrypick -r 3.2 -s errata3.2-3 --releasedest 3.1 --dest extsec3.1 -p procmail
echo -n 12 >/var/univention/buildsystem2/config/versions/procmail
build-package-ng -r 3.1-0-0 -P ucs -s extsec3.1 --no-pbuilder-update -p procmail
echo -n 16 >/var/univention/buildsystem2/config/versions/procmail

Package: procmail
Version: 3.22-19.13.201506191522
Branch: ucs_3.1-0
Scope: extsec3.1

OK: apt-get install procmail=3.22-19.11.201104141333
wget -q -O- 'https://groups.google.com/forum/message/raw?msg=alt.arts.poetry.comments/DCuLO3qzovI/CZk15MlfqNkJ' | tr -d '\r' | formail -s >/dev/null
apt-get install procmail=3.22-19.13.201506191522
apt-get remove procmail
apt-get install procmail=3.22-19.13.201506191522
apt-get purge procmail
apt-get install procmail=3.22-19.13.201506191522
univention-upgrade --updateto 3.2-3 --ignoressh --ignoreterm --noninteractive</dev/null;apt-cache policy procmail
Created attachment 6970 [details] Procmail extsec3.1 Advisory
(In reply to Philipp Hahn from comment #2)
> Created attachment 6970 [details]
> Procmail extsec3.1 Advisory

CVE-ID wrong
Tests (amd64): OK
Created attachment 6980 [details] Procmail extsec3.1 Advisory v2
Released