CVE-2007-2683

Published: 15 May 2007

Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.

Priority

Status

Package	Release	Status
mutt Launchpad, Ubuntu, Debian	dapper	Ignored (end of life)
	edgy	Ignored (end of life, was needed)
	feisty	Ignored (end of life, was needed)
	gutsy	Ignored (end of life, was needed)
	hardy	Not vulnerable
	intrepid	Not vulnerable
	jaunty	Not vulnerable
	karmic	Not vulnerable
	lucid	Not vulnerable
	maverick	Not vulnerable
	natty	Not vulnerable
	upstream	Needs triage

References

http://dev.mutt.org/trac/ticket/2885
http://dev.mutt.org/trac/changeset/47d08903b79b
https://www.cve.org/CVERecord?id=CVE-2007-2683
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=426116

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›