The openSUSE project reports:
The problematic function in question is putSDN() in mail.c. The static variable cp
is used as an index for a fixed-sized buffer ibuf
. There is a range check: if ( cp >= HDR_BUF_LEN ) ...
but under certain circumstances, cp can be incremented beyond the buffer size, leading to a buffer overwrite