Your message dated Sun, 21 Jun 2020 07:01:40 +0200
with message-id <20200621050140.GJ390@sarastro>
and subject line Re: Bug#859652: mutt: Crashes when trying to display (or 
fetch) a specific S/MIME-signed message
has caused the Debian Bug report #859652,
regarding mutt: Crashes when trying to display a specific S/MIME-signed message
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
859652: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859652
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mutt
Version: 1.7.2-1
Severity: important
Tags: security

Dear Maintainer,

for the first time since upgrading to Stretch a few months ago, mutt
crashed when I pressed enter on a mail (both when viewing locally as
well as via IMAP). Starting up mutt again and trying to display that
mail again crashes again, i.e. it seems to be reproducible.

Here's a backtrace made from the coredump:

#0  strlen () at ../sysdeps/x86_64/strlen.S:106
#1  0x00007fd336bbc895 in __GI__IO_fputs (str=0x0, fp=0x55b6136a45d0) at iofputs.c:33
#2  0x000055b6127122dc in print_smime_keyinfo (msg=0x55b612761572 "Problem signature from:", key=key@entry=0x0, s=s@entry=0x7fff04837490, sig=<optimized out>, sig=<optimized out>) at ../../crypt-gpgme.c:1375
#3  0x000055b61271282c in show_one_sig_status (ctx=ctx@entry=0x55b6134741c0, idx=idx@entry=0, s=s@entry=0x7fff04837490) at ../../crypt-gpgme.c:1491
#4  0x000055b61271332c in verify_one (s=0x7fff04837490, tempfile=<optimized out>, is_smime=<optimized out>, sigbdy=<optimized out>, sigbdy=<optimized out>) at ../../crypt-gpgme.c:1576
#5  0x000055b61269717e in mutt_signed_handler (a=0x55b61384f900, a@entry=0x55b61386e800, s=s@entry=0x7fff04837490) at ../../crypt.c:1005
#6  0x000055b6126bf119 in run_decode_and_handler (b=b@entry=0x55b61386e800, s=s@entry=0x7fff04837490, handler=handler@entry=0x55b612696d40 <mutt_signed_handler>, plaintext=plaintext@entry=0) at ../../handler.c:1697
#7  0x000055b6126bf481 in mutt_body_handler (b=b@entry=0x55b61386e800, s=s@entry=0x7fff04837490) at ../../handler.c:1842
#8  0x000055b6126a05fb in _mutt_copy_message (fpout=fpout@entry=0x55b6136a45d0, fpin=0x55b6136b9150, hdr=hdr@entry=0x55b61386e260, body=0x55b61386e800, flags=flags@entry=2124, chflags=<optimized out>, chflags@entry=262294) at ../../copy.c:695
#9  0x000055b6126a0b6b in mutt_copy_message (fpout=0x55b6136a45d0, src=0x55b612f7bb50, hdr=hdr@entry=0x55b61386e260, flags=flags@entry=2124, chflags=262294) at ../../copy.c:783
#10 0x000055b6126987c8 in mutt_display_message (cur=0x55b61386e260) at ../../commands.c:159
#11 0x000055b6126a7f0c in mutt_index_menu () at ../../curs_main.c:2041
#12 0x000055b612688f16 in main (argc=1, argv=<optimized out>, environ=<optimized out>) at ../../main.c:896

Thunderbird can display the mail and says that the S/MIME signature is
not valid.

In case the backtrace above does not suffice to find the issue, I can
probably provide the mail in private.

I'm not 100% sure if this might be a security issue. It is at least
usable as DoS against mutt users and mutt crashes on input received from
untrusted sources. No idea if that might be used for remote code
execution or similar. So to be on the safe side, I'm tagging this as
"security".

Security team: Please remove this tag if you think that this issue does
not validate further investigation from a security point of view.

-- Package-specific info:
NeoMutt 20170113 (1.7.2)
Copyright (C) 1996-2016 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type `mutt -vv' for details.

System: Linux 4.9.0-2-amd64 (x86_64)
libidn: 1.33 (compiled with 1.33)
hcache backends: tokyocabinet

Compiler:
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/6/lto-wrapper
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian 6.3.0-2' 
--with-bugurl=file:///usr/share/doc/gcc-6/README.Bugs 
--enable-languages=c,ada,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr 
--program-suffix=-6 --program-prefix=x86_64-linux-gnu- --enable-shared 
--enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext 
--enable-threads=posix --libdir=/usr/lib --enable-nls --with-sysroot=/ 
--enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes 
--with-default-libstdcxx-abi=new --enable-gnu-unique-object 
--disable-vtable-verify --enable-libmpx --enable-plugin --enable-default-pie 
--with-system-zlib --disable-browser-plugin --enable-java-awt=gtk 
--enable-gtk-cairo --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-6-amd64/jre 
--enable-java-home --with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-6-amd64 
--with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-6-amd64 
--with-arch-directory=amd64 --with-ecj-jar=/usr/share/java/eclipse-ecj.jar 
--with-target-system-zlib --enable-objc-gc=auto --enable-multiarch 
--with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 
--enable-multilib --with-tune=generic --enable-checking=release 
--build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 6.3.0 20161229 (Debian 6.3.0-2) 

Configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' 
'--includedir=\${prefix}/include' '--mandir=\${prefix}/share/man' 
'--infodir=\${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' 
'--disable-silent-rules' '--libdir=\${prefix}/lib/x86_64-linux-gnu' 
'--libexecdir=\${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' 
'--disable-dependency-tracking' '--with-mailpath=/var/mail' 
'--enable-compressed' '--enable-debug' '--enable-fcntl' '--enable-hcache' 
'--enable-gpgme' '--enable-imap' '--enable-smtp' '--enable-pop' 
'--enable-sidebar' '--enable-nntp' '--enable-notmuch' '--disable-fmemopen' 
'--with-curses' '--with-gnutls' '--with-gss' '--with-idn' '--with-mixmaster' 
'--with-sasl' '--without-gdbm' '--without-bdb' '--without-qdbm' 
'--with-tokyocabinet' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 
-fdebug-prefix-map=/build/mutt-K2ak0h/mutt-1.7.2=. -fstack-protector-strong 
-Wformat -Werror=format-security' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 
'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'

Compilation CFLAGS: -Wall -pedantic -Wno-long-long -g -O2 
-fdebug-prefix-map=/build/mutt-K2ak0h/mutt-1.7.2=. -fstack-protector-strong 
-Wformat -Werror=format-security -fno-delete-null-pointer-checks

Compile options:
+CRYPT_BACKEND_CLASSIC_PGP +CRYPT_BACKEND_CLASSIC_SMIME +CRYPT_BACKEND_GPGME 
+DEBUG +DL_STANDALONE +ENABLE_NLS -EXACT_ADDRESS -HOMESPOOL -LOCALES_HACK 
-SUN_ATTACHMENT +HAVE_BKGDSET +HAVE_COLOR +HAVE_CURS_SET +HAVE_FUTIMENS 
+HAVE_GETADDRINFO +HAVE_GETSID +HAVE_ICONV +HAVE_LANGINFO_CODESET 
+HAVE_LANGINFO_YESEXPR +HAVE_LIBIDN +HAVE_META +HAVE_REGCOMP +HAVE_RESIZETERM 
+HAVE_START_COLOR +HAVE_TYPEAHEAD +HAVE_WC_FUNCS +ICONV_NONTRANS 
+USE_COMPRESSED +USE_DOTLOCK +USE_FCNTL -USE_FLOCK -USE_FMEMOPEN -USE_GNU_REGEX 
+USE_GSS +USE_HCACHE +USE_IMAP +USE_NOTMUCH +USE_NNTP +USE_POP +USE_SASL 
+USE_SETGID +USE_SIDEBAR +USE_SMTP +USE_SSL_GNUTLS -USE_SSL_OPENSSL 
-DOMAIN
MIXMASTER="mixmaster"
-ISPELL
SENDMAIL="/usr/sbin/sendmail"
MAILPATH="/var/mail"
PKGDATADIR="/usr/share/mutt"
SYSCONFDIR="/etc"
EXECSHELL="/bin/sh"

patch-attach-headers-color-neomutt
patch-compose-to-sender-neomutt
patch-compress-neomutt
patch-cond-date-neomutt
patch-encrypt-to-self-neomutt
patch-fmemopen-neomutt
patch-forgotten-attachments-neomutt
patch-forwref-neomutt
patch-ifdef-neomutt
patch-index-color-neomutt
patch-initials-neomutt
patch-keywords-neomutt
patch-kyoto-neomutt
patch-limit-current-thread-neomutt
patch-lmdb-neomutt
patch-multiple-fcc-neomutt
patch-nested-if-neomutt
patch-new-mail-neomutt
patch-nntp-neomutt
patch-notmuch-neomutt
patch-progress-neomutt
patch-quasi-delete-neomutt
patch-reply-with-xorig-neomutt
patch-sensible-browser-neomutt
patch-sidebar-neomutt
patch-skip-quoted-neomutt
patch-status-color-neomutt
patch-timeout-neomutt
patch-tls-sni-neomutt
patch-trash-neomutt

To learn more about NeoMutt, visit: http://www.neomutt.org/
If you find a bug in NeoMutt, please raise an issue at:
    https://github.com/neomutt/neomutt/issues
or send an email to: <[email protected]>

-- System Information:
Debian Release: 9.0
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages mutt depends on:
ii  libassuan0        2.4.3-2
ii  libc6             2.24-9
ii  libcomerr2        1.43.4-2
ii  libgnutls30       3.5.8-3
ii  libgpg-error0     1.26-2
ii  libgpgme11        1.8.0-3+b2
ii  libgssapi-krb5-2  1.15-1
ii  libidn11          1.33-1
ii  libk5crypto3      1.15-1
ii  libkrb5-3         1.15-1
ii  libncursesw5      6.0+20161126-1
ii  libnotmuch4       0.23.7-3
ii  libsasl2-2        2.1.27~101-g0780600+dfsg-3
ii  libtinfo5         6.0+20161126-1
ii  libtokyocabinet9  1.4.48-11+b1

Versions of packages mutt recommends:
ii  libsasl2-modules  2.1.27~101-g0780600+dfsg-3
ii  locales           2.24-9
ii  mime-support      3.60

Versions of packages mutt suggests:
ii  aspell                          0.60.7~20110707-3+b2
ii  ca-certificates                 20161130
ii  gnupg                           2.1.18-6
ii  ispell                          3.4.00-5
pn  mixmaster                       <none>
ii  openssl                         1.1.0e-1
ii  postfix [mail-transport-agent]  3.1.4-4
pn  urlview                         <none>

Versions of packages mutt is related to:
ii  mutt  1.7.2-1

-- no debconf information

--- End Message ---
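
Added example (not part of the bug report and not mutt's source code): a simplified C model of the failure the backtrace shows, where a key-info printer reaches fputs() with a NULL string because the signer's key was not available, next to a hardened form. All type and function names here are hypothetical, and the inputs are constructed.

```c
#include <stdio.h>

/* Hypothetical stand-ins for a crypto backend's key objects (not mutt's types). */
struct user_id { const char *uid; struct user_id *next; };
struct sig_key { struct user_id *uids; };

/* Crash-prone shape: assumes the key was found. A NULL key is dereferenced and a
 * NULL uid string reaches fputs(), as in frame #1. For contrast, never called. */
void print_keyinfo_unsafe(const char *msg, const struct sig_key *key, FILE *out)
{
    fputs(msg, out);
    fputs(key->uids->uid, out);
    fputs("\n", out);
}

/* Hardened shape: a missing key or uid is an expected result when verifying
 * mail from untrusted senders, so it is reported instead of dereferenced.
 * Returns the number of user IDs printed, or -1 on bad arguments. */
int print_keyinfo_safe(const char *msg, const struct sig_key *key, FILE *out)
{
    int printed = 0;
    if (!msg || !out) return -1;
    fputs(msg, out);
    if (!key || !key->uids) {
        fputs(" (signer key not available)\n", out);
        return 0;
    }
    for (const struct user_id *u = key->uids; u; u = u->next) {
        if (!u->uid)
            continue;               /* skip a malformed entry */
        fputs(printed ? "\n    aka: " : " ", out);
        fputs(u->uid, out);
        printed++;
    }
    fputs(printed ? "\n" : " (no usable user ID)\n", out);
    return printed;
}

/* Constructed inputs: 0 = key lookup failed, 1 = key without uids,
 * 2 = first uid string missing, 3 = two valid uids. */
int run_case(int which)
{
    struct user_id second = { "Alice <alice@example.org>", NULL };
    struct user_id first = { which == 2 ? NULL : "Alice Example", &second };
    struct sig_key key = { which == 1 ? NULL : &first };
    return print_keyinfo_safe("Problem signature from:", which == 0 ? NULL : &key, stdout);
}

int main(void) { for (int i = 0; i < 4; i++) run_case(i); return 0; }
```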
--- Begin Message ---
On Sun, Jun 21, 2020 at 01:10:00AM +0200, Axel Beckert wrote:
> I checked Buster first:
> 
> Both mutt and neomutt in Buster do not crash on that mail anymore.
> 
> I then checked on Sid. No crashes.
> 
> (And yes, I still had a mailbox named "crashes-mutt" with a single
> mail in it — dating about half an hour before my bug report. :-)
> 
> So feel free to close the bug report.
> 
> Not sure if you also want to track this bug for neomutt, too. The
> versions I tried are:
> 
> * Buster: 20180716+dfsg.1-1
> * Sid: 20191207+dfsg.1-1.1 (and I noticed that I should update that Sid
>   box again... ;-)

Thanks, I will close the bug then :)

--- End Message ---
