CVE-2021-3657: multiple buffer overflows in isync/mbsync

2021-12-03 Thread Oswald Buddenhagen
description: A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be

CVE-2021-44143: heap overflow in isync/mbsync

2021-12-03 Thread Oswald Buddenhagen
description: A flaw was found in mbsync versions 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploit

[commit] 1.4: deal with oversized messages in maildirs

2021-12-03 Thread Oswald Buddenhagen via isync-devel
commit ba13362a52d8749731ba645e5e50e47862a5b91d Author: Oswald Buddenhagen Date: Wed Nov 24 17:22:04 2021 +0100 deal with oversized messages in maildirs don't try to read messages > 2G, as that will only lead to trouble down the line. this wouldn't have worked on linux

[commit] 1.4: CVE-2021-3657: reject excessively large IMAP literals

2021-12-03 Thread Oswald Buddenhagen via isync-devel
commit 463272eab866a36162fe51813327ca7af2f37ca0 Author: Oswald Buddenhagen Date: Wed Nov 24 19:21:48 2021 +0100 CVE-2021-3657: reject excessively large IMAP literals we didn't limit the 32-bit size of literals so far, which, given that we use int-sized lengths & offsets, permit

[commit] 1.4: CVE-2021-44143: don't overflow heap on messages without headers

2021-12-03 Thread Oswald Buddenhagen via isync-devel
commit 87065c12b477ee7239dd907f352dda5289c0c919 Author: Oswald Buddenhagen Date: Mon Nov 22 20:57:24 2021 +0100 CVE-2021-44143: don't overflow heap on messages without headers when a broken/compromised/malicious server gives us a message that starts with an empty line, we'd ent

[commit] 1.4: reject unreasonably long mailbox names from IMAP LIST

2021-12-03 Thread Oswald Buddenhagen via isync-devel
commit 127003ee37e3eb6d914782be43097338baa32d2b Author: Oswald Buddenhagen Date: Wed Nov 24 18:24:00 2021 +0100 reject unreasonably long mailbox names from IMAP LIST this wasn't really a security problem, as the name mapping we actually do does not change the string length, and

[commit] 1.4: don't complain about concurrent flagging as deleted

2021-12-03 Thread Oswald Buddenhagen via isync-devel
commit e686f88318b4c493a747afbf3895344b87f9f903 Author: Oswald Buddenhagen Date: Wed Dec 1 11:25:06 2021 +0100 don't complain about concurrent flagging as deleted the result of propagating a deletion is flagging as deleted, so shut up if the only remote change is exactly that.

[commit] 1.4: report conversion errors directly in copy_msg_convert()

2021-12-03 Thread Oswald Buddenhagen via isync-devel
commit bc15e571b650270b87e9758916f93eab04992cef Author: Oswald Buddenhagen Date: Wed Nov 24 17:46:43 2021 +0100 report conversion errors directly in copy_msg_convert() that makes it easier to report various conditions without introducing separate error codes. src/sync.c | 9 +

[commit] 1.4: reject messages that grow too large due to conversion

2021-12-03 Thread Oswald Buddenhagen via isync-devel
commit 92921b1d3b7262eaa0fbb095cc714098b431c2f9 Author: Oswald Buddenhagen Date: Wed Nov 24 17:51:06 2021 +0100 reject messages that grow too large due to conversion that shouldn't really be a problem, as we have 2GB of headroom, and most growth would happen when sending an all

[commit] 1.4: fix read beyond end of input in copy_msg_convert()

2021-12-03 Thread Oswald Buddenhagen via isync-devel
commit 51673214abae762f16c8d4eab67152f7cb703da7 Author: Oswald Buddenhagen Date: Fri Nov 26 23:05:30 2021 +0100 fix read beyond end of input in copy_msg_convert() the input isn't necessarily null-terminated (it currently is for imap, but not for maildir), so if the message ende

[commit] 1.4: modernize configure.ac

2021-12-03 Thread Oswald Buddenhagen via isync-devel
commit f2b1e8003343652ae76e40bfc81e1b0df8f3d3de Author: Oswald Buddenhagen Date: Fri Nov 26 11:53:36 2021 +0100 modernize configure.ac configure.ac | 21 +++-- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/configure.ac b/configure.ac index fe33790..9baaa5

[commit] 1.4: bump version

2021-12-03 Thread Oswald Buddenhagen via isync-devel
commit bb5e98e9ec9655b018294b3a650cf218535d475a Author: Oswald Buddenhagen Date: Thu Nov 25 17:04:50 2021 +0100 bump version configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 9baaa5f..8e5e186 100644 --- a/configure.ac +++ b/

[commit] tag 'v1.4.4' created

2021-12-03 Thread Oswald Buddenhagen via isync-devel
The tag 'v1.4.4' has been created at bb5e98e. ___ isync-devel mailing list isync-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/isync-devel

[commit] branch 'master' fast-forwarded

2021-12-03 Thread Oswald Buddenhagen via isync-devel
The branch 'master', previously at da65672, has been fast-forwarded by 13 revision(s) to bb5e98e.