Package: claws
Severity: grave
Tags: security

Hi,
claws-mail embeds a copy of libytnef:

| claws-mail (3.10.1-1) unstable; urgency=medium
|
|      - Remove libytnef dependency: it was assimilated (and modified)

But it's missing the security fix for CVE-2010-5109; I'm attaching the
patch from src:libytnef.

Can you please fix this for jessie and forward the patch upstream?

Cheers,
        Moritz
Index: b/ytnef.c
===================================================================
--- a/ytnef.c
+++ b/ytnef.c
@@ -1328,7 +1328,7 @@
 
     comp_Prebuf.size = strlen(RTF_PREBUF);
     comp_Prebuf.data = calloc(comp_Prebuf.size, 1);
-    strcpy(comp_Prebuf.data, RTF_PREBUF);
+    memcpy(comp_Prebuf.data, RTF_PREBUF, comp_Prebuf.size);
 
     src = p->data;
     in = 0;
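
Review bot: the calloc() result stored in comp_Prebuf.data is handed to memcpy() on the very next line with no NULL check, so an allocation failure becomes a NULL-pointer write; bail out when comp_Prebuf.data is NULL before the copy. The memcpy() itself is right for a buffer sized with strlen(RTF_PREBUF), since the replaced strcpy() wrote the terminating NUL one byte past the allocation. The buffer is now deliberately not NUL-terminated, so a short comment at the allocation saying so would keep later code from using string functions on comp_Prebuf.data; everything downstream should go by comp_Prebuf.size.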
