Hello community,

here is the log from the commit of package mutt for openSUSE:Factory checked in 
at 2014-03-26 16:41:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mutt (Old)
 and      /work/SRC/openSUSE:Factory/.mutt.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "mutt"

Changes:
--------
--- /work/SRC/openSUSE:Factory/mutt/mutt.changes        2013-08-06 
07:03:02.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.mutt.new/mutt.changes   2014-03-26 
16:41:28.000000000 +0100
@@ -1,0 +2,6 @@
+Mon Mar 17 13:24:35 UTC 2014 - meiss...@suse.com
+
+- mutt-CVE-2014-0467.patch: fixed a buffer overflow during header display.
+  CVE-2014-0467 / bnc#868115 
+
+-------------------------------------------------------------------

New:
----
  mutt-CVE-2014-0467.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mutt.spec ++++++
--- /var/tmp/diff_new_pack.RnJtwg/_old  2014-03-26 16:41:30.000000000 +0100
+++ /var/tmp/diff_new_pack.RnJtwg/_new  2014-03-26 16:41:30.000000000 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package mutt
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -101,6 +101,8 @@
 Patch15:        widechar.sidebar.dif
 # PATCH-FIX-OPENSUSE: Be able to read signed/encrypted messsages even with CRLF
 Patch16:        mutt-1.5.21-cariage-return.path
+# PATCH-FIX-SUSE: bnc#868115 - CVE-2014-0467: mutt: crash due to malicious 
email
+Patch17:        mutt-CVE-2014-0467.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %global         _sysconfdir %{_sysconfdir}
 
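Review bot: the tag on the new comment above Patch17 is `PATCH-FIX-SUSE`, while the Patch16 comment directly above it uses `PATCH-FIX-OPENSUSE`. Use the same tag family as the rest of the spec, or mark the patch as an upstream fix if that is where it comes from. The comment also describes the issue as a "crash due to malicious email" while the mutt.changes entry calls it a buffer overflow during header display; using one wording in both places makes the fix easier to find later.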
@@ -133,6 +135,7 @@
 %patch14 -p1 -b .sidebar.color
 %patch15 -p0 -b .widechar.sidebar
 %patch16 -p0 -b .crlf
+%patch17 -p1 -b .cve.2014.0467
 
 cp doc/Muttrc Muttrc.SuSE
 cp %{S:2} .

++++++ mutt-CVE-2014-0467.patch ++++++
--- mutt-1.5.21/copy.c
+++ mutt-1.5.21/copy.c  2014-03-25 08:42:27.466839319 +0000
@@ -254,6 +254,7 @@ mutt_copy_hdr (FILE *in, FILE *out, LOFF
     {
       if (!address_header_decode (&this_one))
        rfc2047_decode (&this_one);
+      this_one_len = mutt_strlen (this_one);
     }
     
     if (!headers[x])
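Review bot: the added `this_one_len = mutt_strlen (this_one);` has no comment explaining why the length must be refreshed at this point in mutt_copy_hdr. Both address_header_decode and rfc2047_decode are passed `&this_one`, so they can replace the buffer with a string of a different length and leave the cached length stale; a one-line comment saying so would keep a later cleanup from dropping the line as redundant. It is also worth confirming that no other path in this function modifies this_one after its length was cached, and giving the patch file a short header (origin, bnc#868115), since it currently begins directly at the `---` line.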

