GNOME Bugzilla – Bug 614025
Backport 2.4 patch to fix CVE-2010-0409
Last modified: 2010-03-26 23:51:08 UTC
Yes, I am aware of https://bugzilla.gnome.org/show_bug.cgi?id=613653#c6, but gmime-2.2 is still needed since some apps (like dbmail) still require it and, then, it would be nice to get the attached patch (taken from Fedora and working OK also in Gentoo) committed in the 2.2 branch to fix http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0409. Thanks a lot.
Created attachment 157185: gmime-uuencode-buffer-overflow.patch
Please submit this to your distro maintainer(s). There's no real need for me to roll a new 2.2.x release for this. If needed, I will gladly confirm to the distro maintainers that this patch is approved by me (or just link them here so that they can see I already approve ;-). I just don't want to get stuck maintaining 2.2.x any longer since I consider it long dead, replaced by 2.4.x years ago.
No problem, I already committed it in Gentoo, but wanted to be sure upstream was aware. Best regards :-)
ok, cool