OpenPKG CVS Repository http://cvs.openpkg.org/ ____________________________________________________________________________
Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 09-Mar-2004 15:40:53 Branch: OPENPKG_1_3_SOLID Handle: 2004030914405200 Added files: (Branch: OPENPKG_1_3_SOLID) openpkg-src/mutt mutt.patch Modified files: (Branch: OPENPKG_1_3_SOLID) openpkg-src/mutt mutt.spec Log: SA-2004.005-mutt; CAN-2004-0078 Summary: Revision Changes Path 1.1.8.1 +50 -0 openpkg-src/mutt/mutt.patch 1.41.2.4.2.3+3 -1 openpkg-src/mutt/mutt.spec ____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/mutt/mutt.patch
============================================================================
$ cvs diff -u -r0 -r1.1.8.1 mutt.patch
--- /dev/null 2004-03-09 15:40:53.000000000 +0100
+++ mutt.patch 2004-03-09 15:40:53.000000000 +0100
@@ -0,0 +1,50 @@
+http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CAN-2004-0078
+ Buffer overflow in the index menu code (menu_pad_string of menu.c)
+ for Mutt 1.4.1 and earlier allows remote attackers to cause a denial
+ of service (crash) and possibly execute arbitrary code via certain
+ mail messages.
+
+Index: menu.c
+===================================================================
+RCS file: /home/roessler/cvs/mutt/menu.c,v
+retrieving revision 2.27.2.1
+retrieving revision 2.27.2.2
+diff -u -d -u -d -r mutt-1-4-1-rel -r mutt-1-4-2-rel
+--- menu.c 28 Jan 2002 10:18:50 -0000 2.27.2.1
++++ menu.c 11 Feb 2004 10:07:17 -0000 2.27.2.2
+@@ -148,30 +148,13 @@
+ menu->make_entry (s, l, menu, i);
+ }
+
+-void menu_pad_string (char *s, size_t l)
++void menu_pad_string (char *s, size_t n)
+ {
+- size_t n = mutt_strlen (s);
+ int shift = option (OPTARROWCURSOR) ? 3 : 0;
+-
+- l--; /* save room for the terminal \0 */
+- if (l > COLS - shift)
+- l = COLS - shift;
+-
+- /* Let's just pad the string anyway ... */
+- mutt_format_string (s, INT_MAX, l, l, 0, ' ', s, n, 1);
+- return;
++ int cols = COLS - shift;
+
+-#if !defined (HAVE_BKGDSET) && !defined (USE_SLANG_CURSES)
+- /* we have to pad the string with blanks to the end of line */
+- if (n < l)
+- {
+- while (n < l)
+- s[n++] = ' ';
+- s[n] = 0;
+- }
+- else
+-#endif
+- s[l] = 0;
++ mutt_format_string (s, n, cols, cols, 0, ' ', s, strlen (s), 1);
++ s[n - 1] = 0;
+ }
+
+ void menu_redraw_full (MUTTMENU *menu)
+
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/mutt/mutt.spec
============================================================================
$ cvs diff -u -r1.41.2.4.2.2 -r1.41.2.4.2.3 mutt.spec
--- openpkg-src/mutt/mutt.spec 22 Sep 2003 18:47:23 -0000 1.41.2.4.2.2
+++ openpkg-src/mutt/mutt.spec 9 Mar 2004 14:40:52 -0000 1.41.2.4.2.3
@@ -36,7 +36,7 @@
 Group: Mail
 License: BSD
 Version: %{V_mutt}i
-Release: 1.3.1
+Release: 1.3.2
 # build options
 %option with_comp no
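Review bot: In the `menu_pad_string` replacement that mutt.patch carries, `s[n - 1] = 0;` relies on `n` being at least 1: `n` is a `size_t`, so a zero size wraps to the largest index and the terminator is written far outside `s`. The callers are outside this hunk, so whether a zero can reach the function is not visible here; an early `if (n == 0) return;` placed after the two declarations and ahead of the `mutt_format_string` call would make the bound hold on its own. The rename from `l` to `n` does not say whether the value is a string length or a buffer size, so I would add a comment above the function such as `/* n is the full size of s in bytes, including the terminating NUL */`. The call still passes `s` as both destination and source, as the old code did, which presumably depends on `mutt_format_string` tolerating an in-place rewrite and is worth confirming.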
@@ -52,6 +52,7 @@
 Patch1: ftp://ftp.mutt.org.ua/pub/mutt/mutt-%{V_mutt}/patch-%{V_mutt}.vvv.nntp.gz
 Patch2: ftp://ftp.mutt.org.ua/pub/mutt/mutt-%{V_mutt}/patch-%{V_mutt}.vvv.initials.gz
 Patch3: ftp://ftp.mutt.org.ua/pub/mutt/mutt-%{V_mutt}/patch-%{V_mutt}.vvv.quote.gz
+Patch4: mutt.patch
 # build information
 Prefix: %{l_prefix}
@@ -89,6 +90,7 @@
 %if "%{with_quote}" == "yes"
 %patch3 -p1
 %endif
+ %patch4 -p0
 %build
 # configure for particular platform
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]