Hello community, here is the log from the commit of package cyrus-imapd for openSUSE:11.3 checked in at Fri Sep 9 16:18:40 CEST 2011.
-------- --- old-versions/11.3/UPDATES/all/cyrus-imapd/cyrus-imapd.changes 2011-05-23 15:41:29.000000000 +0200 +++ 11.3/cyrus-imapd/cyrus-imapd.changes 2011-09-09 09:40:56.000000000 +0200 @@ -1,0 +2,5 @@ +Thu Sep 1 09:08:52 UTC 2011 - [email protected] + +- Fixed a buffer overflow in nntpd (bnc#715251) + +------------------------------------------------------------------- calling whatdependson for 11.3-i586 New: ---- cyrus-imapd_nntp-overflow.dif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cyrus-imapd.spec ++++++ --- /var/tmp/diff_new_pack.h4iIwK/_old 2011-09-09 16:18:03.000000000 +0200 +++ /var/tmp/diff_new_pack.h4iIwK/_new 2011-09-09 16:18:03.000000000 +0200 @@ -50,7 +50,7 @@ %endif Summary: The Cyrus IMAP and POP Mail Server Version: 2.3.16 -Release: 8.<RELEASE5> +Release: 8.<RELEASE7> Source: %{prjname}-%{version}.tar.bz2 Source1: cyrus-imapd-rc.tar.gz Source2: DB_CONFIG @@ -68,6 +68,7 @@ Patch18: cyrus-imapd-perl-path.patch Patch19: cron-job-ctl_mboxlist-path.patch Patch20: cyrus-imapd-STARTTLS-plaintext-command-injection.dif +Patch21: cyrus-imapd_nntp-overflow.dif %if %{with_kolab} # KOLAB_cyrus-imapd patches are maintained at @@ -182,6 +183,7 @@ %patch18 %patch19 -p1 %patch20 -p2 +%patch21 -p1 %if %{with_kolab} %patch100 -p1 ++++++ cyrus-imapd_nntp-overflow.dif ++++++ Index: cyrus-imapd-2.3.11/imap/nntpd.c =================================================================== --- cyrus-imapd-2.3.11.orig/imap/nntpd.c +++ cyrus-imapd-2.3.11/imap/nntpd.c @@ -4107,7 +4107,8 @@ static struct wildmat *split_wildmats(ch else if (*c == '@') wild[n].not = -1; /* absolute not (feeding) */ else wild[n].not = 0; - strcpy(p, wild[n].not ? c + 1 : c); + strncpy(p, wild[n].not ? c + 1 : c, pattern+sizeof(pattern) - p); + pattern[sizeof(pattern)-1] = '\0'; wild[n++].pat = xstrdup(pattern); } while (c != str); wild[n].pat = NULL; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
