-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
mail-notification-SA-04:3.asc
Mail Notification Security Advisory

Module:         Gmail
Announced:      2004-10-06
Affects:        0.6.0, 0.6.1, 0.6.2
Corrected:      0.7.0

I.   Problem Description

Untrusted network input is used to build some URIs passed to
soup_context_get(), but its return value is not tested. If an
unparsable URI is passed, soup_context_get() will return NULL. With
some libsoup configurations, this may later lead to a null pointer
dereference.

II.  Impact

The likely impact is a crash of the program.

Note, however, that for this attack to be possible, the attacker must
first hijack the connection between Mail Notification and the Gmail
server.

III. Workaround

Do not monitor a Gmail mailbox.

If you want to ensure that the faulty code will not be used, reinstall
Mail Notification using the following commands:

    $ ./configure --disable-gmail
    $ make
    $ make install

IV.  Solution

Upgrade Mail Notification to version 0.7.0 or later.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQFBZDPdyzD7UaO4AGoRAnZqAJ0dDGvNOEq9KpWrUihQ0DRpauQQHwCfaTYt
YAr19zawqPjsC5LXp/gI8+0=
=GFzQ
-----END PGP SIGNATURE-----
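
The defect class from section I, with the missing check put back. This is an added example, not Mail Notification or libsoup code: uri_ctx_get() is a hypothetical stand-in for a parser that returns NULL on an unparsable URI, and open_mailbox() and the sample URIs are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SCHEME_MAX 8
#define HOST_MAX   128
struct uri_ctx { char scheme[SCHEME_MAX]; char host[HOST_MAX]; };

/* Hypothetical parser: returns NULL when the URI cannot be parsed. */
static struct uri_ctx *uri_ctx_get(const char *uri)
{
    if (uri == NULL)
        return NULL;
    const char *sep = strstr(uri, "://");
    size_t slen = sep ? (size_t)(sep - uri) : 0;
    if (slen == 0 || slen >= SCHEME_MAX)
        return NULL;                      /* missing or oversized scheme */
    const char *host = sep + 3;
    size_t hlen = strcspn(host, "/?#");
    if (hlen == 0 || hlen >= HOST_MAX)
        return NULL;                      /* missing or oversized host */
    if (strcspn(uri, " \t\r\n") < (size_t)(host - uri) + hlen)
        return NULL;                      /* whitespace in scheme or host */
    struct uri_ctx *c = calloc(1, sizeof *c);  /* zero fill terminates strings */
    if (c == NULL)
        return NULL;
    memcpy(c->scheme, uri, slen);
    memcpy(c->host, host, hlen);
    return c;
}

/* Unchecked pattern, shown only as a comment:
 *     struct uri_ctx *c = uri_ctx_get(uri_from_network);
 *     use(c->host);                      // c may be NULL here
 * Checked pattern: a parse failure becomes an error return (-1), not a crash. */
int open_mailbox(const char *uri_from_network)
{
    struct uri_ctx *c = uri_ctx_get(uri_from_network);
    if (c == NULL) {
        fprintf(stderr, "rejecting unparsable URI built from server data\n");
        return -1;
    }
    printf("would connect to %s over %s\n", c->host, c->scheme);
    free(c);
    return 0;
}

int main(void)
{
    open_mailbox("https://mail.example.test/feed/atom");  /* constructed */
    return open_mailbox("not a uri") == -1 ? 0 : 1;       /* constructed */
}
```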