import mutt-2.0.7-2.el8

CentOS Sources 2022-09-27 05:55:00 -04:00 committed by Stepan Oksanichenko
parent 4785e63316
commit 197c42d5f4
2 changed files with 47 additions and 1 deletions


@ -0,0 +1,40 @@
From e5ed080c00e59701ca62ef9b2a6d2612ebf765a5 Mon Sep 17 00:00:00 2001
From: Kevin McCarthy <kevin@8t8.us>
Date: Tue, 5 Apr 2022 11:05:52 -0700
Subject: [PATCH] Fix uudecode buffer overflow.
mutt_decode_uuencoded() used each line's initial "length character"
without any validation. It would happily read past the end of the
input line, and with a suitable value even past the length of the
input buffer.
As I noted in ticket 404, there are several other changes that could
be added to make the parser more robust. However, to avoid
accidentally introducing another bug or regression, I'm restricting
this patch to simply addressing the overflow.
Thanks to Tavis Ormandy for reporting the issue, along with a sample
message demonstrating the problem.
---
handler.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/handler.c b/handler.c
index d1b4bc73..c97cf0cb 100644
--- a/handler.c
+++ b/handler.c
@@ -404,9 +404,9 @@ static void mutt_decode_uuencoded (STATE *s, LOFF_T len, int istext, iconv_t cd)
pt = tmps;
linelen = decode_byte (*pt);
pt++;
- for (c = 0; c < linelen;)
+ for (c = 0; c < linelen && *pt;)
{
- for (l = 2; l <= 6; l += 2)
+ for (l = 2; l <= 6 && *pt && *(pt + 1); l += 2)
{
out = decode_byte (*pt) << l;
pt++;
--
2.34.1
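Review bot: The new guards in the embedded handler.c hunk, `c < linelen && *pt` and `l <= 6 && *pt && *(pt + 1)`, carry no comment saying why the NUL checks are there, even though they are the entire fix. I would add above the outer loop `/* The length character is untrusted: stop at the line's NUL terminator even if linelen claims more data. */`. The checks appear to rely on tmps always being NUL-terminated by whatever fills it, which happens outside the hunk, so that assumption is worth stating in the same comment. A line shorter than its declared length now seems to decode to fewer bytes with no diagnostic; the patch description defers that kind of hardening, but it is worth tracking as follow-up. The body of mutt_decode_uuencoded starts and ends outside the hunk.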


@ -20,7 +20,7 @@
Summary: A text mode mail user agent Summary: A text mode mail user agent
Name: mutt Name: mutt
Version: 2.0.7 Version: 2.0.7
Release: 1%{?dist} Release: 2%{?dist}
Epoch: 5 Epoch: 5
# The entire source code is GPLv2+ except # The entire source code is GPLv2+ except
# pgpewrap.c setenv.c sha1.c wcwidth.c which are Public Domain # pgpewrap.c setenv.c sha1.c wcwidth.c which are Public Domain
@ -40,6 +40,8 @@ Patch10: mutt-1.9.4-lynx_no_backscapes.patch
Patch12: mutt-1.9.5-nodotlock.patch Patch12: mutt-1.9.5-nodotlock.patch
# Fixs compatibility with previous versions # Fixs compatibility with previous versions
Patch13: mutt_disable_ssl_enforce.patch Patch13: mutt_disable_ssl_enforce.patch
Patch14: mutt-2.0.7-cve-2022-1328.patch
# Coverity patches # Coverity patches
# https://cov01.lab.eng.brq.redhat.com/el8-results/el8/mutt-1.9.3-1.el8+7/scan-results-imp.html # https://cov01.lab.eng.brq.redhat.com/el8-results/el8/mutt-1.9.3-1.el8+7/scan-results-imp.html
Patch111: mutt-1.10.1-mutt-1.9.3-1_coverity_166.patch Patch111: mutt-1.10.1-mutt-1.9.3-1_coverity_166.patch
@ -100,6 +102,7 @@ autoreconf --install
%patch8 -p1 -b .system_certs %patch8 -p1 -b .system_certs
%patch9 -p1 -b .ssl_ciphers %patch9 -p1 -b .ssl_ciphers
%patch13 -p1 %patch13 -p1
%patch14 -p1 -b .cve-2022-1328
%patch111 -p1 -b .mutt-1.9.3-1_coverity_166 %patch111 -p1 -b .mutt-1.9.3-1_coverity_166
%patch112 -p1 -b .mutt-1.9.3-1_coverity_181 %patch112 -p1 -b .mutt-1.9.3-1_coverity_181
@ -224,6 +227,9 @@ ln -sf ./muttrc.5 %{buildroot}%{_mandir}/man5/muttrc.local.5
%changelog %changelog
* Thu Jul 21 2022 Matej Mužila <mmuzila@redhat.com> - 5:2.0.7-2
- Fix CVE-2022-1328 (#2109247)
* Wed May 5 2021 Filip Januš <fjanus@redhat.com> - 5:2.0.7-1 * Wed May 5 2021 Filip Januš <fjanus@redhat.com> - 5:2.0.7-1
- Upgrade to v2.0.7 - Upgrade to v2.0.7
- New bug fix release - New bug fix release
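Review bot: The `Patch14: mutt-2.0.7-cve-2022-1328.patch` line has no comment, unlike the neighbouring Patch13 and the Coverity group, so the spec does not record where the security fix comes from. I would add above it `# CVE-2022-1328: uudecode buffer overflow, upstream commit e5ed080c00e59701ca62ef9b2a6d2612ebf765a5`, taken from the patch header, so that a later rebase can tell whether the new upstream version already contains the fix and the patch can be dropped.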