Bug#1014221: bullseye-pu:package procmail/3.22-26+deb11u1

Sat, 02 Jul 2022 04:39:26 -0700 

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian....@packages.debian.org
Usertags: pu
Dear release managers: There was a NULL pointer dereference fix in procmail which I've just applied to bullseye as well. There is no CVE for this, but nevertheless it's the type of bug I don't want to see in stable.
The patch was taken from the author's git repository and it has been working in testing/unstable for several months now. 

The debdiff is attached.

(I will also try to upload for buster before its final release)

Thanks.
diff -Nru procmail-3.22/debian/changelog procmail-3.22/debian/changelog
--- procmail-3.22/debian/changelog      2017-11-16 23:42:36.000000000 +0100
+++ procmail-3.22/debian/changelog      2022-07-02 13:20:00.000000000 +0200
@@ -1,3 +1,11 @@
+procmail (3.22-26+deb11u1) unstable; urgency=medium
+
+  * Fix NULL pointer dereference. Closes: #769938.
+    Reported by Jakub Wilk using American Fuzzy Lop.
+    Patch from Stephen R. van den Berg.
+
+ -- Santiago Vila <sanv...@debian.org>  Sat, 02 Jul 2022 13:20:00 +0200
+
 procmail (3.22-26) unstable; urgency=medium
 
   * Fix buffer overflow in loadbuf(). Closes: #876511.
diff -Nru procmail-3.22/debian/patches/31 procmail-3.22/debian/patches/31
--- procmail-3.22/debian/patches/31     1970-01-01 01:00:00.000000000 +0100
+++ procmail-3.22/debian/patches/31     2022-07-02 12:32:00.000000000 +0200
@@ -0,0 +1,19 @@
+From: Stephen R. van den Berg <s...@cuci.nl>
+Subject: Cater for mails containing an incomplete From_ line.
+Bug-Debian: http://bugs.debian.org/769938
+X-Debian-version: 3.22-27
+
+--- a/src/from.c
++++ b/src/from.c
+@@ -117,7 +117,10 @@
+             themail.p[extra]='\0';              /* terminate it for strchr */
+           }
+          while(!(rstart=strchr(themail.p,'\n')));
+-         extra=rstart?extra-(++rstart-themail.p):0;
++         if (rstart)
++           extra -= ++rstart - themail.p;
++         else
++           extra = 0, rstart = themail.p;
+        }
+       else
+        { size_t tfrl= ++rstart-themail.p; /* length of existing From_ line */
diff -Nru procmail-3.22/debian/patches/series 
procmail-3.22/debian/patches/series
--- procmail-3.22/debian/patches/series 2017-11-16 23:41:45.000000000 +0100
+++ procmail-3.22/debian/patches/series 2022-07-02 12:00:00.000000000 +0200
@@ -29,3 +29,4 @@
 28
 29
 30
+31

Reply via email to