A security issue fixed upstream in libetpan has been announced: http://openwall.com/lists/oss-security/2017/05/08/6 The issue is fixed in 1.8. The message above contains a link to the upstream commit that fixed the issue. Mageia 5 is also affected.
Whiteboard: (none) => MGA5TOO
Fixed in cauldron
Whiteboard: MGA5TOO => (none)CC: (none) => mageiaVersion: Cauldron => 5
CVE: (none) => CVE-2017-8825
Assigning to all packagers collectively, since there is no registered maintainer for this package.
Assignee: bugsquad => pkg-bugsCC: (none) => marja11
Patched package uploaded for Mageia 5. Advisory: ======================== Updated libetpan package fixes security vulnerability: It was discovered that libetpan, a C language mail access and handling library that is used in a number of MUAs, contained a NULL dereference vulnerability in the MIME handling code (CVE-2017-8825) References: http://openwall.com/lists/oss-security/2017/05/08/6 ======================== Updated packages in core/updates_testing: ======================== lib64etpan17-1.6-1.1.mga5 lib64etpan-devel-1.6-1.1.mga5 libetpan-debuginfo-1.6-1.1.mga5 from libetpan-1.6-1.1.mga5.src.rpm
CC: (none) => mramboAssignee: pkg-bugs => qa-bugs
Whiteboard: (none) => advisoryCC: (none) => davidwhodgins
MGA5-32 on Asus A6000VM Xfce No installation issues. Claws mail is dependent on libetpan17. Opened claw mail and sent message (including an attachment) and with $ strace -o libetpan17 claws-mail found in the trace file open("/lib/libetpan.so.17", O_RDONLY|O_CLOEXEC) = 3 So OK for me.
Whiteboard: advisory => advisory MGA5-32-OKCC: (none) => herman.viaene
Testing M5_64 $ urpmq -i lib64etpan17 The purpose of this mail library is to provide a portable, efficient framework for different kinds of mail access. $ urpmq --whatrequires lib64etpan17 claws-mail I use Claws-mail routinely. BEFORE the update: ib64etpan17-1.6-1.mga5 AFTER the update: lib64etpan17-1.6-1.1.mga5 $ strace claws-mail 2>&1 | grep libetpan open("/lib64/libetpan.so.17", O_RDONLY|O_CLOEXEC) = 3 Sent a few messages to myself at 2 addresses, with attachment. All looks OK. Validating; already advisoried.
Whiteboard: advisory MGA5-32-OK => advisory MGA5-32-OK MGA5-64-OKKeywords: (none) => validated_updateCC: (none) => lewyssmith, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0191.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED