Hello community, here is the log from the commit of package cyrus-imapd for openSUSE:Factory checked in at Fri Sep 9 13:34:33 CEST 2011.
-------- --- cyrus-imapd/cyrus-imapd.changes 2011-06-20 11:52:20.000000000 +0200 +++ /mounts/work_src_done/STABLE/cyrus-imapd/cyrus-imapd.changes 2011-09-09 09:42:59.000000000 +0200 @@ -1,0 +2,5 @@ +Thu Sep 1 09:08:52 UTC 2011 - [email protected] + +- Fixed a buffer overflow in nntpd (bnc#715251) + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- cyrus-imapd_nntp-overflow.dif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cyrus-imapd.spec ++++++ --- /var/tmp/diff_new_pack.STdO9J/_old 2011-09-09 13:34:29.000000000 +0200 +++ /var/tmp/diff_new_pack.STdO9J/_new 2011-09-09 13:34:29.000000000 +0200 @@ -57,7 +57,7 @@ %endif Summary: The Cyrus IMAP and POP Mail Server Version: 2.3.16 -Release: 20 +Release: 22 Source: %{prjname}-%{version}.tar.bz2 Source1: cyrus-imapd-rc.tar.gz Source2: DB_CONFIG @@ -76,6 +76,7 @@ Patch20: cyrus-imapd-perl-5.14.patch Patch21: cyrus-imapd-STARTTLS-plaintext-command-injection.patch Patch22: cyrus-imapd_tls-session-leak.dif +Patch23: cyrus-imapd_nntp-overflow.dif %if %{with_kolab} # KOLAB_cyrus-imapd patches are maintained at @@ -191,6 +192,7 @@ %patch20 -p1 %patch21 -p1 %patch22 -p1 +%patch23 -p1 %if %{with_kolab} %patch100 -p1 ++++++ cyrus-imapd_nntp-overflow.dif ++++++ Index: cyrus-imapd-2.3.11/imap/nntpd.c =================================================================== --- cyrus-imapd-2.3.11.orig/imap/nntpd.c +++ cyrus-imapd-2.3.11/imap/nntpd.c @@ -4107,7 +4107,8 @@ static struct wildmat *split_wildmats(ch else if (*c == '@') wild[n].not = -1; /* absolute not (feeding) */ else wild[n].not = 0; - strcpy(p, wild[n].not ? c + 1 : c); + strncpy(p, wild[n].not ? c + 1 : c, pattern+sizeof(pattern) - p); + pattern[sizeof(pattern)-1] = '\0'; wild[n++].pat = xstrdup(pattern); } while (c != str); wild[n].pat = NULL; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
