[LWN Logo]

Date: Thu, 27 Aug 1998 22:18:03 +0200
From: Martin Schulze <joey@kuolema.Infodrom.North.DE>
To: Debian Security Announcements <debian-security-announce@lists.debian.org>
Subject: [SECURITY] New versions of Mutt fixes buffer overflow


--bAmEntskrkuBymla
Content-Type: text/plain; charset=us-ascii

We have received a report from Paul Boehm stating that Mutt has an
overflowable buffer in parse.c.  When sending malicious mail you can
execute arbitary code on the mutt running user's system.  We recommend
you upgrade your Mutt package immediately.

dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.0 alias hamm
-------------------------------

  This version of Debian were released only for the Intel and the
  Motorola 68xxx architecture.

  Intel architecture:
    ftp://ftp.debian.org/debian/dists/stable-updates/mutt_0.91.2-2_i386.deb
      MD5 checksum: cdebc73fe5be56a9c030d80c147e4e4d

  Motorola 68xxx architecture:
    ftp://ftp.debian.org/debian/dists/stable-updates/mutt_0.91.2-2_m68k.deb
      MD5 checksum: 1428f3ca62c5ae69b1dc10182ea24e65

  These files will be moved into
  ftp://ftp.debian.org/debian/dists/hamm/binary-$arch/ soon.


For other architectures please refer to the appropriate directory
ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

--
Debian GNU/Linux    .    Security Managers    .    security@debian.org
              debian-security-announce@lists.debian.org
Christian Hudon <chrish@debian.org> . Martin Schulze <joey@debian.org>

--bAmEntskrkuBymla
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia

iQCVAwUBNeW++xRNm5Suj3z1AQFPGQP/WgiBfBZogM7jQ82I1JaVjZY0q3W+oBfF
EGlbeTzf7URepcrRuC4SE7QRbacyghksHGoO9cgNxBq9zQHr8BGyw0djKWoygWPB
Az/cF0p9cz7Jlonyl5aJY2aCoRg2V9xs2Ppc3o2r4NXQMFu7eQJOO73Xqy58IGSW
fyoAr5guJ8A=
=WXag
-----END PGP SIGNATURE-----

--bAmEntskrkuBymla--


--  
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org