commit mutt for openSUSE:Factory

Tue, 16 Dec 2014 05:48:09 -0800 

Hello community,

here is the log from the commit of package mutt for openSUSE:Factory checked in 
at 2014-12-16 14:48:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mutt (Old)
 and      /work/SRC/openSUSE:Factory/.mutt.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "mutt"

Changes:
--------
--- /work/SRC/openSUSE:Factory/mutt/mutt.changes        2014-11-24 
11:09:15.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.mutt.new/mutt.changes   2014-12-16 
14:47:30.000000000 +0100
@@ -1,0 +2,6 @@
+Thu Dec  4 12:03:10 UTC 2014 - wer...@suse.de
+
+- Add patch bsc907453-CVE-2014-9116-jessie.patch to fix bsc#907453
+  CVE-2014-9116: heap-based buffer overflow in mutt_substrdup()
+
+-------------------------------------------------------------------

New:
----
  bsc907453-CVE-2014-9116-jessie.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mutt.spec ++++++
--- /var/tmp/diff_new_pack.VQX0rR/_old  2014-12-16 14:47:33.000000000 +0100
+++ /var/tmp/diff_new_pack.VQX0rR/_new  2014-12-16 14:47:33.000000000 +0100
@@ -107,6 +107,8 @@
 Patch17:        mutt-CVE-2014-0467.patch
 # PATCH-FIX-OPENSUSE bnc#899712 - fallback mailcap for e.g text/html
 Patch18:        mutt-1.5.21-mailcap.diff
+# PATCH-FIX-SUSE: bsc#907453 - CVE-2014-9116: mutt: heap-based buffer overflow 
in mutt_substrdup()
+Patch19:        bsc907453-CVE-2014-9116-jessie.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %global         _sysconfdir %{_sysconfdir}
 
@@ -141,6 +143,7 @@
 %patch16 -p0 -b .crlf
 %patch17 -p1 -b .cve.2014.0467
 %patch18 -p1 -b .mailcap
+%patch19 -p1 -b .cvw2014.9116
 
 cp doc/Muttrc Muttrc.SuSE
 cp %{S:2} .

++++++ bsc907453-CVE-2014-9116-jessie.patch ++++++
This patch solves the issue raised by CVE-2014-9116 in bug 771125.

We correctly redefine what are the whitespace characters as per RFC5322; by
doing so we prevent mutt_substrdup from being used in a way that could lead to
a segfault.

The lib.c part was written by Antonio Radici <anto...@debian.org> to prevent
crashes due to this kind of bugs from happening again.

The wheezy version of this patch is slightly different, therefore this patch
has -jessie prefixed in its name.

Index: mutt/lib.c
===================================================================
--- mutt/lib.c
+++ mutt/lib.c
@@ -819,6 +819,9 @@ char *mutt_substrdup (const char *begin,
   size_t len;
   char *p;
 
+  if (end != NULL && end < begin)
+    return NULL;
+
   if (end)
     len = end - begin;
   else
Index: mutt/sendlib.c
===================================================================
--- mutt/sendlib.c
+++ mutt/sendlib.c
@@ -1814,7 +1814,11 @@ static int write_one_header (FILE *fp, i
     {
       tagbuf = mutt_substrdup (start, t);
       ++t; /* skip over the colon separating the header field name and value */
-      SKIPWS(t); /* skip over any leading whitespace */
+
+      /* skip over any leading whitespace (WSP, as defined in RFC5322) */
+      while (*t == ' ' || *t == '\t') 
+       t++;
+
       valbuf = mutt_substrdup (t, end);
     }
     dprint(4,(debugfile,"mwoh: buf[%s%s] too long, "


-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

Reply via email to