Hello community, here is the log from the commit of package neomutt for openSUSE:Factory checked in at 2018-07-18 22:57:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/neomutt (Old) and /work/SRC/openSUSE:Factory/.neomutt.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "neomutt" Wed Jul 18 22:57:14 2018 rev:7 rq:623631 version:20180716 Changes: -------- --- /work/SRC/openSUSE:Factory/neomutt/neomutt.changes 2018-06-27 10:21:29.247893244 +0200 +++ /work/SRC/openSUSE:Factory/.neomutt.new/neomutt.changes 2018-07-18 22:58:05.394135109 +0200 @@ -1,0 +2,38 @@ +Tue Jul 17 09:26:21 UTC 2018 - kbabi...@suse.com + +- Updated to 20180716 + * Feature: <check-stats> function + * Lots of bug fixes and vulnerability fixes: + - CVE-2018-14349: Fixed mishandling of NO response without message in + imap/command.c (bnc#1101589) + - CVE-2018-14350: Fixed stack-based buffer overflow for FETCH response with + long INTERNALDATE field in imap/message.c (bnc#1101588) + - CVE-2018-14351: Fixed mishandling of a long IMAP status mailbox literal + count size in imap/command.c (bnc#1101583) + - CVE-2018-14352: Fixed stack-based buffer overflow in imap_quote_string in + imap/util.c (bnc#1101582) + - CVE-2018-14353: Fixed integer underflow in imap_quote_string in + imap/util.c (bnc#1101581) + - CVE-2018-14354: Fixed arbitrary command execution via backquote + characters, related to the mailboxes command associated with manual + subscription or unsubscription (bnc#1101578) + - CVE-2018-14355: Fixed directory traversal in mailbox name in imap/util.c + (bnc#1101577) + - CVE-2018-14356: Fixed mishandling of zero-length UID in pop.c + (bnc#1101576) + - CVE-2018-14357: Fixed arbitrary command execution via backquote + characters, related to mailboxes command associated with automatic + subscription (bnc#1101573) + - CVE-2018-14358: Fixed stack-based buffer overflow for FETCH response with + long RFC822.SIZE field (bnc#1101571) + - CVE-2018-14359: Fixed buffer overflow via base64 data (bnc#1101570) + - CVE-2018-14360: Fixed stack-based buffer overflow because of incorrect + sscanf usage in nntp_add_group in newsrc.c (bnc#1101569) + - CVE-2018-14361: Fixed an code flow issue in nntp.c, which would proceed + even if memory allocation failed for messages data (bnc#1101568) + - CVE-2018-14362: Fixed unsafe interaction with message-cache pathnames in + pop.c (bnc#1101567) + - CVE-2018-14363: Fixed unsafe interaction with cache pathnames (containing + '/') in newsrc.c (bnc#1101566) + +------------------------------------------------------------------- Old: ---- neomutt-20180622.tar.gz New: ---- neomutt-20180716.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ neomutt.spec ++++++ --- /var/tmp/diff_new_pack.NqONKG/_old 2018-07-18 22:58:05.862133557 +0200 +++ /var/tmp/diff_new_pack.NqONKG/_new 2018-07-18 22:58:05.862133557 +0200 @@ -17,7 +17,7 @@ Name: neomutt -Version: 20180622 +Version: 20180716 Release: 0 Summary: A command line mail reader (or MUA), a fork of Mutt with added features License: GPL-2.0-or-later ++++++ neomutt-20180622.tar.gz -> neomutt-20180716.tar.gz ++++++ ++++ 120724 lines of diff (skipped)