Your message dated Sat, 31 Jul 2021 15:26:06 +0000
with message-id <[email protected]>
and subject line unblock neomutt
has caused the Debian Bug report #991716,
regarding unblock: neomutt/20201127+dfsg.1-1.2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
991716: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991716
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Please unblock package neomutt. It fixes a security issue,
which was already fixed in buster. Debdiff below.
unblock neomutt/20201127+dfsg.1-1.2
Cheers,
Moritz
diff -Nru neomutt-20201127+dfsg.1/debian/changelog
neomutt-20201127+dfsg.1/debian/changelog
--- neomutt-20201127+dfsg.1/debian/changelog 2021-03-16 20:37:31.000000000
+0100
+++ neomutt-20201127+dfsg.1/debian/changelog 2021-07-29 23:13:20.000000000
+0200
@@ -1,3 +1,10 @@
+neomutt (20201127+dfsg.1-1.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix CVE-2021-32055 (Closes: #988107)
+
+ -- Moritz Muehlenhoff <[email protected]> Thu, 29 Jul 2021 23:13:20 +0200
+
neomutt (20201127+dfsg.1-1.1) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru neomutt-20201127+dfsg.1/debian/patches/series
neomutt-20201127+dfsg.1/debian/patches/series
--- neomutt-20201127+dfsg.1/debian/patches/series 2021-03-16
20:37:31.000000000 +0100
+++ neomutt-20201127+dfsg.1/debian/patches/series 2021-07-29
23:13:12.000000000 +0200
@@ -4,3 +4,4 @@
misc/smime.rc.patch
upstream/981306-mime-forwarding.patch
upstream/redraw-on-sigwinch.patch
+upstream/CVE-2021-32055.patch
diff -Nru neomutt-20201127+dfsg.1/debian/patches/upstream/CVE-2021-32055.patch
neomutt-20201127+dfsg.1/debian/patches/upstream/CVE-2021-32055.patch
--- neomutt-20201127+dfsg.1/debian/patches/upstream/CVE-2021-32055.patch
1970-01-01 01:00:00.000000000 +0100
+++ neomutt-20201127+dfsg.1/debian/patches/upstream/CVE-2021-32055.patch
2021-07-29 23:12:31.000000000 +0200
@@ -0,0 +1,34 @@
+From fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc Mon Sep 17 00:00:00 2001
+From: Kevin McCarthy <[email protected]>
+Date: Mon, 3 May 2021 13:11:30 -0700
+Subject: [PATCH] Fix seqset iterator when it ends in a comma
+
+If the seqset ended with a comma, the substr_end marker would be just
+before the trailing nul. In the next call, the loop to skip the
+marker would iterate right past the end of string too.
+
+The fix is simple: place the substr_end marker and skip past it
+immediately.
+---
+ imap/util.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/imap/util.c b/imap/util.c
+index 52aff7da0a..27fb862954 100644
+--- a/imap/util.c
++++ b/imap/util.c
+@@ -1119,13 +1119,11 @@ int mutt_seqset_iterator_next(struct SeqsetIterator
*iter, unsigned int *next)
+ if (iter->substr_cur == iter->eostr)
+ return 1;
+
+- while (!*(iter->substr_cur))
+- iter->substr_cur++;
+ iter->substr_end = strchr(iter->substr_cur, ',');
+ if (!iter->substr_end)
+ iter->substr_end = iter->eostr;
+ else
+- *(iter->substr_end) = '\0';
++ *(iter->substr_end++) = '\0';
+
+ char *range_sep = strchr(iter->substr_cur, ':');
+ if (range_sep)
--- End Message ---
--- Begin Message ---
Unblocked.
--- End Message ---
