PublicDateAtUSN: 2010-07-08
Candidate: CVE-2010-2494
PublicDate: 2010-07-08 18:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2494
 http://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01
 https://ubuntu.com/security/notices/USN-980-1
Description:
 Multiple buffer underflows in the base64 decoder in base64.c in (1)
 bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote
 attackers to cause a denial of service (heap memory corruption and
 application crash) via an e-mail message with invalid base64 data that
 begins with an = (equals) character.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=611551
Priority: medium
Discovered-by: Julius Plenz
Assigned-to: mdeslaur
CVSS:

Patches_bogofilter:
 upstream: http://bogofilter.svn.sourceforge.net/viewvc/bogofilter/trunk/bogofilter/src/base64.c?view=patch&r1=6906&r2=6903
 upstream: http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6905
upstream_bogofilter: released (1.2.2)
dapper_bogofilter: ignored (reached end-of-life)
hardy_bogofilter: released (1.1.5-2ubuntu5.1)
jaunty_bogofilter: released (1.1.7-1ubuntu1.1)
karmic_bogofilter: released (1.2.0-3ubuntu1.1)
lucid_bogofilter: released (1.2.1-0ubuntu1.1)
devel_bogofilter: not-affected (1.2.2-1ubuntu1)