Hello community, here is the log from the commit of package claws-mail for openSUSE:Factory checked in at 2012-10-16 11:23:25 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/claws-mail (Old) and /work/SRC/openSUSE:Factory/.claws-mail.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "claws-mail", Maintainer is "nadvor...@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/claws-mail/claws-mail.changes 2012-08-13 19:53:12.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.claws-mail.new/claws-mail.changes 2012-10-16 11:23:27.000000000 +0200 @@ -1,0 +2,7 @@ +Fri Oct 12 14:52:50 UTC 2012 - zai...@opensuse.org + +- Add claws-mail-3.8.1-procmime-vuln.patch: Fixes NULL pointer + derefence while processing email content. (bnc#784463), + (CVE-2012-4507). + +------------------------------------------------------------------- New: ---- claws-mail-3.8.1-procmime-vuln.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ claws-mail.spec ++++++ --- /var/tmp/diff_new_pack.HfQnru/_old 2012-10-16 11:23:28.000000000 +0200 +++ /var/tmp/diff_new_pack.HfQnru/_new 2012-10-16 11:23:28.000000000 +0200 @@ -34,6 +34,8 @@ Patch1: claws-mail-bnc770014.patch # PATCH-FIX-UPSTREAM claws-mail-verify-hostname.patch bnc#761503 -- Verify peer names when negotiating certificates. Patch3: claws-mail-verify-hostname.patch +# PATCH-FIX-UPSTREAM claws-mail-3.8.1-procmime-vuln.patch bnc#784463 -- NULL pointer derefence while processing email content. +Patch4: claws-mail-3.8.1-procmime-vuln.patch BuildRequires: NetworkManager-devel BuildRequires: compface BuildRequires: db-devel @@ -111,6 +113,7 @@ %patch0 %patch1 -p1 %patch3 -p0 +%patch4 -p1 %build %configure \ ++++++ claws-mail-3.8.1-procmime-vuln.patch ++++++ diff -Nurb --strip-trailing-cr claws-mail-3.8.1-orig/src/procmime.c claws-mail-3.8.1/src/procmime.c --- claws-mail-3.8.1-orig/src/procmime.c 2012-06-27 11:05:22.000000000 +0200 +++ claws-mail-3.8.1/src/procmime.c 2012-10-03 18:00:09.438577924 +0200 @@ -1753,6 +1753,8 @@ continue; charset = value; + if (charset == NULL) + continue; lang = strchr(charset, '\''); if (lang == NULL) continue; -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org