Hello community, here is the log from the commit of package cyrus-imapd for openSUSE:Factory checked in at 2015-11-17 14:22:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cyrus-imapd (Old) and /work/SRC/openSUSE:Factory/.cyrus-imapd.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cyrus-imapd"
Changes:
--------
--- /work/SRC/openSUSE:Factory/cyrus-imapd/cyrus-imapd.changes 2015-09-08 18:12:02.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.cyrus-imapd.new/cyrus-imapd.changes 2015-11-17 14:22:53.000000000 +0100
@@ -1,0 +2,9 @@
+Sun Nov 15 11:48:17 UTC 2015 - [email protected]
+
+- Added cyrus-imapd-2.4.18-CVE-2015-8077.patch:
+ boo#954200, CVE-2015-8077: Integer overflow in range checks
+
+- Added cyrus-imapd-2.4.18-CVE-2015-8078.patch:
+ boo#954201, CVE-2015-8078: Integer overflow in index_urlfetch
+
+-------------------------------------------------------------------
@@ -4 +13 @@
-- Update to 2.4.18
+- Update to 2.4.18 [boo#945844]
New:
----
cyrus-imapd-2.4.18-CVE-2015-8077.patch
cyrus-imapd-2.4.18-CVE-2015-8078.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cyrus-imapd.spec ++++++
--- /var/tmp/diff_new_pack.krq1mz/_old 2015-11-17 14:22:54.000000000 +0100
+++ /var/tmp/diff_new_pack.krq1mz/_new 2015-11-17 14:22:54.000000000 +0100
@@ -66,6 +66,10 @@
 Patch27: cyrus-imapd-2.4.17_ptloader-ldap_user_attribute.patch
 # PATCH-FIX-UPSTREAM -- Have the correct #include when using implicit definitions
 Patch28: cyrus-imapd-2.4.18-implicit_definitions.patch
+# PATCH-FIX-UPSTREAM -- Fix for CVE-2015-8077
+Patch29: cyrus-imapd-2.4.18-CVE-2015-8077.patch
+# PATCH-FIX-UPSTREAM -- Fix for CVE-2015-8078
+Patch30: cyrus-imapd-2.4.18-CVE-2015-8078.patch
 BuildRequires: automake
 BuildRequires: bison
@@ -225,6 +229,8 @@
 %patch25 -p1
 %patch27 -p1
 %patch28 -p1
+%patch29 -p1
+%patch30 -p1
 # remove executable bit from docs
 find doc -type f -name '*.html' -exec %{__chmod} -x {} \;
++++++ cyrus-imapd-2.4.18-CVE-2015-8077.patch ++++++
>From 538359e5a7c978e2f27c80124c8bd1282c7661a9 Mon Sep 17 00:00:00 2001
From: ellie timoney <[email protected]>
Date: Mon, 26 Oct 2015 16:15:40 +1100
Subject: urlfetch: protect against overflow in range checks
diff --git a/imap/index.c b/imap/index.c
index 43dfe16..566a983 100644
--- a/imap/index.c
+++ b/imap/index.c
@@ -2712,7 +2712,8 @@ int index_urlfetch(struct index_state *state, uint32_t msgno,
 int fetchmime = 0, domain = DOMAIN_7BIT;
 unsigned size;
 int32_t skip = 0;
- int n, r = 0;
+ unsigned long n;
+ int r = 0;
 char *decbuf = NULL;
 struct mailbox *mailbox = state->mailbox;
 struct index_map *im = &state->map[msgno-1];
@@ -2849,7 +2850,7 @@ int index_urlfetch(struct index_state *state, uint32_t msgno,
 start_octet = size;
 n = 0;
 }
- else if (start_octet + n > size) {
+ else if (start_octet + n < start_octet || start_octet + n > size) {
 n = size - start_octet;
 }
@@ -2861,10 +2862,10 @@ int index_urlfetch(struct index_state *state, uint32_t msgno,
 if (domain == DOMAIN_BINARY) {
 /* Write size of literal8 */
- prot_printf(pout, " ~{%u}\r\n", n);
+ prot_printf(pout, " ~{%lu}\r\n", n);
 } else {
 /* Write size of literal */
- prot_printf(pout, " {%u}\r\n", n);
+ prot_printf(pout, " {%lu}\r\n", n);
 }
 }
-- cgit v0.10.2
++++++ cyrus-imapd-2.4.18-CVE-2015-8078.patch ++++++
>From 0142e98fa90f02a030f93469523ac64f91ae7a9f Mon Sep 17 00:00:00 2001
From: ellie timoney <[email protected]>
Date: Mon, 26 Oct 2015 16:21:01 +1100
Subject: urlfetch: and the other bit
diff --git a/imap/index.c b/imap/index.c
index 566a983..6216f02 100644
--- a/imap/index.c
+++ b/imap/index.c
@@ -2807,7 +2807,8 @@ int index_urlfetch(struct index_state *state, uint32_t msgno,
 size_t section_offset = CACHE_ITEM_BIT32(cacheitem);
 size_t section_size = CACHE_ITEM_BIT32(cacheitem + CACHE_ITEM_SIZE_SKIP);
- if (section_offset + section_size > size) {
+ if (section_offset + section_size < section_offset
+ || section_offset + section_size > size) {
 r = IMAP_INTERNAL;
 goto done;
 }
-- cgit v0.10.2
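Review bot: Turning `n` from `int` into `unsigned long` at the declaration in the hunk at `@@ -2712,7 +2712,8 @@` changes every later use of `n` in index_urlfetch, and most of that body lies outside the hunk. Any remaining signed idiom (an `n < 0` test, a `-1` sentinel, or passing `n` to a parameter narrower than `unsigned long`) would now behave differently, so those uses are worth re-reading; none are visible here, so this is a check to make rather than a confirmed defect. A short comment on the declaration would record the reason for the type, e.g. `/* unsigned so the start_octet + n wrap test is well defined */`.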
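Review bot: The added test `start_octet + n < start_octet` in the hunk at `@@ -2849,7 +2850,7 @@` detects overflow only by relying on unsigned wraparound, which holds only if `start_octet` is an unsigned type at least as wide as `n`; its declaration is outside the hunk. If the preceding branch, whose condition is also outside the hunk, is the `start_octet > size` case, then `start_octet <= size` holds here and the comparison can be written without any sum: `else if (n > size - start_octet) {`. The same form applies to the section check in the hunk at `@@ -2807,7 +2807,8 @@`: `if (section_offset > size || section_size > size - section_offset) {`.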
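Review bot: Nothing next to the new condition in the hunk at `@@ -2807,7 +2807,8 @@` says why a sum of two cache fields is compared against its own operand; a one-line comment such as `/* offset and size come from the cache record: reject if their sum wraps or runs past the message */` would keep the guard from being simplified away later. Both values are read through `CACHE_ITEM_BIT32`, which by its name yields 32-bit quantities, so the wrap arm presumably matters only where `size_t` is 32 bits wide. The branch returns `IMAP_INTERNAL` without a log entry as far as the hunk shows; a cache record that fails this check is worth a log line so that corrupted cache files can be found.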
