[Secure-testing-team] Bug#771360: CVE-2010-5109

Moritz Muehlenhoff Fri, 28 Nov 2014 11:34:20 -0800

Package: claws
Severity: grave
Tags: security

Hi,
claws-mail embeds a copy of libytnef:


| claws-mail (3.10.1-1) unstable; urgency=medium
|
|      - Remove libytnef dependency: it was assimilated (and modified)

But it's missing the security fix CVE-2010-5109, I'm attaching the
patch from src:libytnef

Can you please fix this for jessie and forward the patch upstream?

Cheers,
        Moritz

Index: b/ytnef.c
===================================================================
--- a/ytnef.c
+++ b/ytnef.c
@@ -1328,7 +1328,7 @@
 
     comp_Prebuf.size = strlen(RTF_PREBUF);
     comp_Prebuf.data = calloc(comp_Prebuf.size, 1);
-    strcpy(comp_Prebuf.data, RTF_PREBUF);
+    memcpy(comp_Prebuf.data, RTF_PREBUF, comp_Prebuf.size);
 
     src = p->data;
     in = 0;

_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team

[Secure-testing-team] Bug#771360: CVE-2010-5109

Reply via email to