OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Thomas Lotterer
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 09-Mar-2004 15:40:53
Branch: OPENPKG_1_3_SOLID Handle: 2004030914405200
Added files: (Branch: OPENPKG_1_3_SOLID)
openpkg-src/mutt mutt.patch
Modified files: (Branch: OPENPKG_1_3_SOLID)
openpkg-src/mutt mutt.spec
Log:
SA-2004.005-mutt; CAN-2004-0078
Summary:
Revision Changes Path
1.1.8.1 +50 -0 openpkg-src/mutt/mutt.patch
1.41.2.4.2.3+3 -1 openpkg-src/mutt/mutt.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/mutt/mutt.patch
============================================================================
$ cvs diff -u -r0 -r1.1.8.1 mutt.patch
--- /dev/null 2004-03-09 15:40:53.000000000 +0100
+++ mutt.patch 2004-03-09 15:40:53.000000000 +0100
@@ -0,0 +1,50 @@
+http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CAN-2004-0078
+ Buffer overflow in the index menu code (menu_pad_string of menu.c)
+ for Mutt 1.4.1 and earlier allows remote attackers to cause a denial
+ of service (crash) and possibly execute arbitrary code via certain
+ mail messages.
+
+Index: menu.c
+===================================================================
+RCS file: /home/roessler/cvs/mutt/menu.c,v
+retrieving revision 2.27.2.1
+retrieving revision 2.27.2.2
+diff -u -d -u -d -r mutt-1-4-1-rel -r mutt-1-4-2-rel
+--- menu.c 28 Jan 2002 10:18:50 -0000 2.27.2.1
++++ menu.c 11 Feb 2004 10:07:17 -0000 2.27.2.2
+@@ -148,30 +148,13 @@
+ menu->make_entry (s, l, menu, i);
+ }
+
+-void menu_pad_string (char *s, size_t l)
++void menu_pad_string (char *s, size_t n)
+ {
+- size_t n = mutt_strlen (s);
+ int shift = option (OPTARROWCURSOR) ? 3 : 0;
+-
+- l--; /* save room for the terminal \0 */
+- if (l > COLS - shift)
+- l = COLS - shift;
+-
+- /* Let's just pad the string anyway ... */
+- mutt_format_string (s, INT_MAX, l, l, 0, ' ', s, n, 1);
+- return;
++ int cols = COLS - shift;
+
+-#if !defined (HAVE_BKGDSET) && !defined (USE_SLANG_CURSES)
+- /* we have to pad the string with blanks to the end of line */
+- if (n < l)
+- {
+- while (n < l)
+- s[n++] = ' ';
+- s[n] = 0;
+- }
+- else
+-#endif
+- s[l] = 0;
++ mutt_format_string (s, n, cols, cols, 0, ' ', s, strlen (s), 1);
++ s[n - 1] = 0;
+ }
+
+ void menu_redraw_full (MUTTMENU *menu)
+
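Review bot: In the new menu_pad_string, `s[n - 1] = 0;` indexes with a size_t, so a call with n == 0 would wrap and write far outside the buffer; a guard at the top such as `if (!s || n == 0) return;` closes that off. The same guard covers a NULL s, which the removed `mutt_strlen (s)` may have tolerated (its body is not shown here) but plain `strlen (s)` does not. The call also passes s as both destination and source of mutt_format_string, which is safe only if that function copes with overlapping buffers, so confirm that against its implementation or format from a scratch copy. `cols` goes negative when COLS is smaller than the arrow-cursor shift, so it is worth checking how the width arguments are treated in that case. A short comment above the function, e.g. `/* n is the full size of s including the terminating NUL */`, would document the changed meaning of the second parameter.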
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/mutt/mutt.spec
============================================================================
$ cvs diff -u -r1.41.2.4.2.2 -r1.41.2.4.2.3 mutt.spec
--- openpkg-src/mutt/mutt.spec 22 Sep 2003 18:47:23 -0000 1.41.2.4.2.2
+++ openpkg-src/mutt/mutt.spec 9 Mar 2004 14:40:52 -0000 1.41.2.4.2.3
@@ -36,7 +36,7 @@
Group: Mail
License: BSD
Version: %{V_mutt}i
-Release: 1.3.1
+Release: 1.3.2
# build options
%option with_comp no
@@ -52,6 +52,7 @@
Patch1:
ftp://ftp.mutt.org.ua/pub/mutt/mutt-%{V_mutt}/patch-%{V_mutt}.vvv.nntp.gz
Patch2:
ftp://ftp.mutt.org.ua/pub/mutt/mutt-%{V_mutt}/patch-%{V_mutt}.vvv.initials.gz
Patch3:
ftp://ftp.mutt.org.ua/pub/mutt/mutt-%{V_mutt}/patch-%{V_mutt}.vvv.quote.gz
+Patch4: mutt.patch
# build information
Prefix: %{l_prefix}
@@ -89,6 +90,7 @@
%if "%{with_quote}" == "yes"
%patch3 -p1
%endif
+ %patch4 -p0
%build
# configure for particular platform
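Review bot: `%patch4 -p0` runs after the conditional `%patch3` (and presumably the other optional feature patches), so whether the security fix applies cleanly depends on the chosen build options. If any of those patches touches menu.c near menu_pad_string, the hunk could apply with fuzz or be rejected. The package should be test-built with each option combination and the resulting menu.c checked for the fixed function. The `-p0` level differs from the `-p1` used just above; it matches the bare `menu.c` path inside mutt.patch, but a comment such as `# CAN-2004-0078 fix, paths relative to source root` would make that intentional difference clear.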
@@ .