LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8546 Commits
1 Branch
46 MiB
Tree: d360d159b4
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd360d159b4'
${ noResults }
openwrt-packages-dist/mail/mutt/patches/100-CVE-2014-9116.patch

31 lines
830 B
Raw Normal View History

mail/mutt: update to 1.7.2 Update mutt to upstream release 1.7.2 Also introduce a patch for CVE-2014-9116, which addresses a DoS-attack. The patch is originally found at Debian's package of mutt 1.7.1 Signed-off-by: Paul Wassi <p.wassi@gmx.at>
8 years ago
 
  1. From: Antonio Radici <antonio@debian.org>
  2. Date: Fri, 18 Sep 2015 11:48:47 +0200
  3. Subject: 771125-CVE-2014-9116-jessie
  4. 

  5. This patch solves the issue raised by CVE-2014-9116 in bug 771125.
  6. 

  7. We correctly redefine what are the whitespace characters as per RFC5322; by
  8. doing so we prevent mutt_substrdup from being used in a way that could lead to
  9. a segfault.
  10. 

  11. The lib.c part was written by Antonio Radici <antonio@debian.org> to prevent
  12. crashes due to this kind of bugs from happening again.
  13. 

  14. Signed-off-by: Matteo F. Vescovi <mfv@debian.org>
  15. ---

  16.  lib.c | 3 +++
  17.  1 file changed, 3 insertions(+)
  18. 

  19. diff -rupN a/lib.c b/lib.c

  20. --- a/lib.c

  21. +++ b/lib.c

  22. @@ -815,6 +815,9 @@ char *mutt_substrdup (const char *begin,

  23.    size_t len;
  24.    char *p;
  25.  
  26. +  if (end != NULL && end < begin)

  27. +    return NULL;

  28. +

  29.    if (end)
  30.      len = end - begin;
  31.    else