{"id":"MGASA-2016-0067","summary":"Updated claws-mail packages fix CVE-2015-8708","details":"Updated claws-mail fix security vulnerabilities\n\nA stack-based buffer overflow has been found in conv_euctojis() after applying \nincomplete patch for CVE-2015-8614. In conv_euctojis() the comparison is with \noutlen - 3, but each pass through the loop uses up to 5 bytes and the rest of \nthe function may add another 4 bytes. The comparison should presumably be\n'\u003c= outlen - 9' or equivalently '\u003c outlen - 8'. (CVE-2015-8708)\n","modified":"2026-04-16T06:23:44.140701827Z","published":"2016-02-17T19:06:01Z","upstream":["CVE-2015-8708"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0067.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=17722"},{"type":"REPORT","url":"http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557"},{"type":"WEB","url":"https://lists.fedoraproject.org/pipermail/package-announce/2016-February/176949.html"},{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2015-8708"}],"affected":[{"package":{"name":"claws-mail","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/claws-mail?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.11.1-3.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0067.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}