hypermail - buffer overflows

Ulf Härnhammar discovered two problems in hypermail, a program to
create HTML archives of mailing lists.

An attacker could craft a long filename for an attachment that would
overflow two buffers when a certain option for interactive use was
given, opening the possibility to inject arbitrary code. This code
would then be executed under the user id hypermail runs as, mostly as
a local user. Automatic and silent use of hypermail does not seem to
be affected.

The CGI program mail, which is not installed by the Debian package,
does a reverse look-up of the user’s IP number and copies the
resulting hostname into a fixed-size buffer. A specially crafted DNS
reply could overflow this buffer, opening the program to an exploit.

For the stable distribution (woody) this problem has been fixed in
version 2.1.3-2.0.

For the old stable distribution (potato) this problem has been fixed
in version 2.0b25-1.1.

For the unstable distribution (sid) this problem has been fixed
in version 2.1.6-1.

We recommend that you upgrade your hypermail packages.