Bug#769938: marked as done (procmail: NULL pointer dereference)

Sat, 02 Jul 2022 10:19:11 -0700 

Your message dated Sat, 02 Jul 2022 17:17:11 +0000
with message-id <[email protected]>
and subject line Bug#769938: fixed in procmail 3.22-26+deb11u1
has caused the Debian Bug report #769938,
regarding procmail: NULL pointer dereference
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
769938: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769938
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: procmail
Version: 3.22-22
Usertags: afl
If there's no \n at all in the mail, or if the "From " line contains null byte, procmail dereferences NULL pointer: 

$ printf 'From ' | procmail -d jwilk
Segmentation fault


This bug was brought to you by American fuzzy lop:
http://lcamtuf.coredump.cx/afl/

-- System Information:
Debian Release: jessie/sid
 APT prefers unstable
 APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages procmail depends on:
ii  libc6  2.19-13

Versions of packages procmail recommends:
ii  esmtp-run [mail-transport-agent]  1.2-12
ii  fetchmail                         6.3.26-1+b1

--
Jakub Wilk

--- End Message ---
--- Begin Message --- 
Source: procmail
Source-Version: 3.22-26+deb11u1
Done: Santiago Vila <[email protected]>

We believe that the bug you reported is fixed in the latest version of
procmail, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Santiago Vila <[email protected]> (supplier of updated procmail package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 02 Jul 2022 13:20:00 +0200
Source: procmail
Architecture: source
Version: 3.22-26+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Santiago Vila <[email protected]>
Changed-By: Santiago Vila <[email protected]>
Closes: 769938
Changes:
 procmail (3.22-26+deb11u1) bullseye; urgency=medium
 .
   * Fix NULL pointer dereference. Closes: #769938.
     Reported by Jakub Wilk using American Fuzzy Lop.
     Patch from Stephen R. van den Berg.
Checksums-Sha1:
 b3ee327e14ec0c9d633cc3fe7db5f84f1cf54fa4 1352 procmail_3.22-26+deb11u1.dsc
 2d27fe7ed2fd92655861850504e5035d33554c33 20252 
procmail_3.22-26+deb11u1.debian.tar.xz
 0c73f000343b55d8d9abf40fd27264e8afaed1de 4302 
procmail_3.22-26+deb11u1_source.buildinfo
Checksums-Sha256:
 406e388acfacd339522ae659ba5a8f4970c20a0f850e40085ca1c8933943bed1 1352 
procmail_3.22-26+deb11u1.dsc
 e74afb37998affc7a1ae2182734cde36422cadfe38a6910a97c3bc61097033e8 20252 
procmail_3.22-26+deb11u1.debian.tar.xz
 1f3b1c989cbb427fc400fb583c2dc9f9c05c6ea990d9d0d919686fad4081c231 4302 
procmail_3.22-26+deb11u1_source.buildinfo
Files:
 435072eb7cf670770cc1089a1be6aebf 1352 mail standard 
procmail_3.22-26+deb11u1.dsc
 8d44b3683ec73252002ae6a5f4cd6b0d 20252 mail standard 
procmail_3.22-26+deb11u1.debian.tar.xz
 6ee9dbdc96d267e6a6a4dd065cffbad5 4302 mail standard 
procmail_3.22-26+deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAmLAK4cACgkQQc5/C58b
izIAuwf/aEmaK0oGxJxj3Jirw/y+esHWz4hf9IMpXRYqYJlIKz7oNGWsx7SUfNXD
wIrVEFW0y856bIlCsvH78tP5+N6b7/dlrN/2538RzZJUgGXbzkEHw/V4yJyfRmlh
1gfbs2+rY+Dt0Gt0RLpvGo8uVZeVOjee6h/DWj976k7b96PDvwFwgzf4dSj6+ZHI
CncBa+GyWPnhUW9pcw1YNXlwsLqdCua7mc01EqnxhUeD7JGDrPgS/VQ4RJkONGpR
5c8hq0quoNUMgkqFfqLQTskuXng8ZyvDoFuBfZDTRSRA2nE1pY87TXPsWOThoFS4
TqWhZaLt/dYE5ABf+e3Jf+g4L+06CQ==
=lv/k
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to