Author: dnicholson Date: 2006-08-09 08:30:57 -0600 (Wed, 09 Aug 2006) New Revision: 1623
Added: trunk/mutt/ trunk/mutt/mutt-1.5.11-security_fix-1.patch Log: Patch to fix CVE-2006-3242 in Mutt-1.5.11. Added: trunk/mutt/mutt-1.5.11-security_fix-1.patch =================================================================== --- trunk/mutt/mutt-1.5.11-security_fix-1.patch (rev 0) +++ trunk/mutt/mutt-1.5.11-security_fix-1.patch 2006-08-09 14:30:57 UTC (rev 1623) @@ -0,0 +1,38 @@ +Submitted By: Ag. Hatzimanikas +Date: 2006-08-09 +Initial Package Version: 1.5.11 +Origin: From Upstream +Upstream Status: Applied + http://dev.mutt.org/cgi-bin/gitweb.cgi?p=mutt/.git;a=commit;h=dc0272b749f0e2b102973b7ac43dbd3908507540 +Description: Fixes a buffer overflow. + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3242 + +diff -Naur mutt-1.5.11.orig/imap/browse.c mutt-1.5.11/imap/browse.c +--- mutt-1.5.11.orig/imap/browse.c 2005-08-11 22:37:02.000000000 +0300 ++++ mutt-1.5.11/imap/browse.c 2006-07-18 23:23:01.000000000 +0300 +@@ -512,7 +512,7 @@ + if (*s == '\"') + { + s++; +- while (*s && *s != '\"') ++ while (*s && *s != '\"' && n < sizeof (ns) - 1) + { + if (*s == '\\') + s++; +@@ -523,12 +523,14 @@ + s++; + } + else +- while (*s && !ISSPACE (*s)) ++ while (*s && !ISSPACE (*s) && n < sizeof (ns) - 1) + { + ns[n++] = *s; + s++; + } + ns[n] = '\0'; ++ if (n == sizeof (ns) - 1) ++ dprint (1, (debugfile, "browse_get_namespace: too long: [%s]\n", ns)); + /* delim? */ + s = imap_next_word (s); + /* delimiter is meaningless if namespace is "". Why does + -- http://linuxfromscratch.org/mailman/listinfo/patches FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
