bogofilter-SA-2012-01: security vulnerability in bogofilter versions before 1.2.3.
Matthias Andree
matthias.andree at gmx.de
Tue Jul 30 07:59:29 CEST 2013
Am 08.06.2013 02:11, schrieb rh:
> This has been fixed a few times now. What gives?
>
> On Mon, 03 Dec 2012 23:51:53 +0100
> Matthias Andree <matthias.andree at gmx.de> wrote:
>
>> bogofilter-SA-2012-01
>>
>> Topic: heap corruption overrun in bogofilter/bogolexer
>>
>> Announcement: bogofilter-SA-2012-01
>> Writer: Matthias Andree
>> Version: 1.0
>> CVE ID: CVE-2012-5468
>> Announced: 2012-12-03
>> Category: vulnerability
>> Type: out of bounds write through invalid input
>> Impact: heap corruption, application crash
>> Credits: Julius Plenz (FU Berlin, Germany)
>> Danger: medium
>> URL:
>> http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01
Sorry for the late response, this question slipped my attention.
"This has been fixed now" is not accurate, probably as a result from a
misunderstanding. Your "This" apparently refers to "heap corruption" or
"heap overrun", and it describes a _class_ of defects that exhibit a
certain behaviour common to some bugs, and does not describe a single
bug in a particular place.
The actual affected bug locations were different from previous bugs that
got fixed.
So, a different bug, a different CVE ID, different input required to
trigger its adverse effects, and a different fix required.
More information about the Bogofilter
mailing list