#3716: mutt: write_one_header can call mutt_substrdup with begin > end, leading
to
crash
---------------------+----------------------
Reporter: thoger | Owner: mutt-dev
Type: defect | Status: closed
Priority: major | Milestone:
Component: mutt | Version: 1.5.23
Resolution: fixed | Keywords:
---------------------+----------------------
Changes (by Kevin McCarthy <kevin@…>):
* status: new => closed
* resolution: => fixed
Comment:
In [0aebf1df43598b442ac75ae4fe17875351854db0]:
{{{
#!CommitTicketReference repository=""
revision="0aebf1df43598b442ac75ae4fe17875351854db0"
Revert write_one_header() to skip space and tab. (closes #3716)
This patch fixes CVE-2014-9116 in the stable branch. It reverts
write_one_header() to the pre [f251d523ca5a] code for skipping
whitespace.
Thanks to Antonio Radici and Tomas Hoger for their analysis and patches
to mutt, which this patch is based off of.
}}}
--
Ticket URL: <http://dev.mutt.org/trac/ticket/3716#comment:12>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
