Hello community, here is the log from the commit of package mutt for openSUSE:Factory checked in at 2014-03-26 16:41:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mutt (Old) and /work/SRC/openSUSE:Factory/.mutt.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mutt" Changes: -------- --- /work/SRC/openSUSE:Factory/mutt/mutt.changes 2013-08-06 07:03:02.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.mutt.new/mutt.changes 2014-03-26 16:41:28.000000000 +0100 @@ -1,0 +2,6 @@ +Mon Mar 17 13:24:35 UTC 2014 - meiss...@suse.com + +- mutt-CVE-2014-0467.patch: fixed a buffer overflow during header display. + CVE-2014-0467 / bnc#868115 + +------------------------------------------------------------------- New: ---- mutt-CVE-2014-0467.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mutt.spec ++++++ --- /var/tmp/diff_new_pack.RnJtwg/_old 2014-03-26 16:41:30.000000000 +0100 +++ /var/tmp/diff_new_pack.RnJtwg/_new 2014-03-26 16:41:30.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package mutt # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -101,6 +101,8 @@ Patch15: widechar.sidebar.dif # PATCH-FIX-OPENSUSE: Be able to read signed/encrypted messsages even with CRLF Patch16: mutt-1.5.21-cariage-return.path +# PATCH-FIX-SUSE: bnc#868115 - CVE-2014-0467: mutt: crash due to malicious email +Patch17: mutt-CVE-2014-0467.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %global _sysconfdir %{_sysconfdir} @@ -133,6 +135,7 @@ %patch14 -p1 -b .sidebar.color %patch15 -p0 -b .widechar.sidebar %patch16 -p0 -b .crlf +%patch17 -p1 -b .cve.2014.0467 cp doc/Muttrc Muttrc.SuSE cp %{S:2} . ++++++ mutt-CVE-2014-0467.patch ++++++ --- mutt-1.5.21/copy.c +++ mutt-1.5.21/copy.c 2014-03-25 08:42:27.466839319 +0000 @@ -254,6 +254,7 @@ mutt_copy_hdr (FILE *in, FILE *out, LOFF { if (!address_header_decode (&this_one)) rfc2047_decode (&this_one); + this_one_len = mutt_strlen (this_one); } if (!headers[x]) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org