import mutt-2.0.7-2.el8
This commit is contained in:
parent
4785e63316
commit
197c42d5f4
40
SOURCES/mutt-2.0.7-cve-2022-1328.patch
Normal file
40
SOURCES/mutt-2.0.7-cve-2022-1328.patch
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
From e5ed080c00e59701ca62ef9b2a6d2612ebf765a5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Kevin McCarthy <kevin@8t8.us>
|
||||||
|
Date: Tue, 5 Apr 2022 11:05:52 -0700
|
||||||
|
Subject: [PATCH] Fix uudecode buffer overflow.
|
||||||
|
|
||||||
|
mutt_decode_uuencoded() used each line's initial "length character"
|
||||||
|
without any validation. It would happily read past the end of the
|
||||||
|
input line, and with a suitable value even past the length of the
|
||||||
|
input buffer.
|
||||||
|
|
||||||
|
As I noted in ticket 404, there are several other changes that could
|
||||||
|
be added to make the parser more robust. However, to avoid
|
||||||
|
accidentally introducing another bug or regression, I'm restricting
|
||||||
|
this patch to simply addressing the overflow.
|
||||||
|
|
||||||
|
Thanks to Tavis Ormandy for reporting the issue, along with a sample
|
||||||
|
message demonstrating the problem.
|
||||||
|
---
|
||||||
|
handler.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/handler.c b/handler.c
|
||||||
|
index d1b4bc73..c97cf0cb 100644
|
||||||
|
--- a/handler.c
|
||||||
|
+++ b/handler.c
|
||||||
|
@@ -404,9 +404,9 @@ static void mutt_decode_uuencoded (STATE *s, LOFF_T len, int istext, iconv_t cd)
|
||||||
|
pt = tmps;
|
||||||
|
linelen = decode_byte (*pt);
|
||||||
|
pt++;
|
||||||
|
- for (c = 0; c < linelen;)
|
||||||
|
+ for (c = 0; c < linelen && *pt;)
|
||||||
|
{
|
||||||
|
- for (l = 2; l <= 6; l += 2)
|
||||||
|
+ for (l = 2; l <= 6 && *pt && *(pt + 1); l += 2)
|
||||||
|
{
|
||||||
|
out = decode_byte (*pt) << l;
|
||||||
|
pt++;
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
@ -20,7 +20,7 @@
|
|||||||
Summary: A text mode mail user agent
|
Summary: A text mode mail user agent
|
||||||
Name: mutt
|
Name: mutt
|
||||||
Version: 2.0.7
|
Version: 2.0.7
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
Epoch: 5
|
Epoch: 5
|
||||||
# The entire source code is GPLv2+ except
|
# The entire source code is GPLv2+ except
|
||||||
# pgpewrap.c setenv.c sha1.c wcwidth.c which are Public Domain
|
# pgpewrap.c setenv.c sha1.c wcwidth.c which are Public Domain
|
||||||
@ -40,6 +40,8 @@ Patch10: mutt-1.9.4-lynx_no_backscapes.patch
|
|||||||
Patch12: mutt-1.9.5-nodotlock.patch
|
Patch12: mutt-1.9.5-nodotlock.patch
|
||||||
# Fixs compatibility with previous versions
|
# Fixs compatibility with previous versions
|
||||||
Patch13: mutt_disable_ssl_enforce.patch
|
Patch13: mutt_disable_ssl_enforce.patch
|
||||||
|
Patch14: mutt-2.0.7-cve-2022-1328.patch
|
||||||
|
|
||||||
# Coverity patches
|
# Coverity patches
|
||||||
# https://cov01.lab.eng.brq.redhat.com/el8-results/el8/mutt-1.9.3-1.el8+7/scan-results-imp.html
|
# https://cov01.lab.eng.brq.redhat.com/el8-results/el8/mutt-1.9.3-1.el8+7/scan-results-imp.html
|
||||||
Patch111: mutt-1.10.1-mutt-1.9.3-1_coverity_166.patch
|
Patch111: mutt-1.10.1-mutt-1.9.3-1_coverity_166.patch
|
||||||
@ -100,6 +102,7 @@ autoreconf --install
|
|||||||
%patch8 -p1 -b .system_certs
|
%patch8 -p1 -b .system_certs
|
||||||
%patch9 -p1 -b .ssl_ciphers
|
%patch9 -p1 -b .ssl_ciphers
|
||||||
%patch13 -p1
|
%patch13 -p1
|
||||||
|
%patch14 -p1 -b .cve-2022-1328
|
||||||
|
|
||||||
%patch111 -p1 -b .mutt-1.9.3-1_coverity_166
|
%patch111 -p1 -b .mutt-1.9.3-1_coverity_166
|
||||||
%patch112 -p1 -b .mutt-1.9.3-1_coverity_181
|
%patch112 -p1 -b .mutt-1.9.3-1_coverity_181
|
||||||
@ -224,6 +227,9 @@ ln -sf ./muttrc.5 %{buildroot}%{_mandir}/man5/muttrc.local.5
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jul 21 2022 Matej Mužila <mmuzila@redhat.com> - 5:2.0.7-2
|
||||||
|
- Fix CVE-2022-1328 (#2109247)
|
||||||
|
|
||||||
* Wed May 5 2021 Filip Januš <fjanus@redhat.com> - 5:2.0.7-1
|
* Wed May 5 2021 Filip Januš <fjanus@redhat.com> - 5:2.0.7-1
|
||||||
- Upgrade to v2.0.7
|
- Upgrade to v2.0.7
|
||||||
- New bug fix release
|
- New bug fix release
|
||||||
|
Loading…
Reference in New Issue
Block a user