Package: claws Severity: grave Tags: security Hi, claws-mail embeds a copy of libytnef:
| claws-mail (3.10.1-1) unstable; urgency=medium | | - Remove libytnef dependency: it was assimilated (and modified) But it's missing the security fix CVE-2010-5109, I'm attaching the patch from src:libytnef Can you please fix this for jessie and forward the patch upstream? Cheers, Moritz
Index: b/ytnef.c =================================================================== --- a/ytnef.c +++ b/ytnef.c @@ -1328,7 +1328,7 @@ comp_Prebuf.size = strlen(RTF_PREBUF); comp_Prebuf.data = calloc(comp_Prebuf.size, 1); - strcpy(comp_Prebuf.data, RTF_PREBUF); + memcpy(comp_Prebuf.data, RTF_PREBUF, comp_Prebuf.size); src = p->data; in = 0;