import mutt-2.0.7-2.el8
This commit is contained in:
parent
4785e63316
commit
197c42d5f4
40
SOURCES/mutt-2.0.7-cve-2022-1328.patch
Normal file
40
SOURCES/mutt-2.0.7-cve-2022-1328.patch
Normal file
@ -0,0 +1,40 @@
|
||||
From e5ed080c00e59701ca62ef9b2a6d2612ebf765a5 Mon Sep 17 00:00:00 2001
|
||||
From: Kevin McCarthy <kevin@8t8.us>
|
||||
Date: Tue, 5 Apr 2022 11:05:52 -0700
|
||||
Subject: [PATCH] Fix uudecode buffer overflow.
|
||||
|
||||
mutt_decode_uuencoded() used each line's initial "length character"
|
||||
without any validation. It would happily read past the end of the
|
||||
input line, and with a suitable value even past the length of the
|
||||
input buffer.
|
||||
|
||||
As I noted in ticket 404, there are several other changes that could
|
||||
be added to make the parser more robust. However, to avoid
|
||||
accidentally introducing another bug or regression, I'm restricting
|
||||
this patch to simply addressing the overflow.
|
||||
|
||||
Thanks to Tavis Ormandy for reporting the issue, along with a sample
|
||||
message demonstrating the problem.
|
||||
---
|
||||
handler.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/handler.c b/handler.c
|
||||
index d1b4bc73..c97cf0cb 100644
|
||||
--- a/handler.c
|
||||
+++ b/handler.c
|
||||
@@ -404,9 +404,9 @@ static void mutt_decode_uuencoded (STATE *s, LOFF_T len, int istext, iconv_t cd)
|
||||
pt = tmps;
|
||||
linelen = decode_byte (*pt);
|
||||
pt++;
|
||||
- for (c = 0; c < linelen;)
|
||||
+ for (c = 0; c < linelen && *pt;)
|
||||
{
|
||||
- for (l = 2; l <= 6; l += 2)
|
||||
+ for (l = 2; l <= 6 && *pt && *(pt + 1); l += 2)
|
||||
{
|
||||
out = decode_byte (*pt) << l;
|
||||
pt++;
|
||||
--
|
||||
2.34.1
|
||||
|
@ -20,7 +20,7 @@
|
||||
Summary: A text mode mail user agent
|
||||
Name: mutt
|
||||
Version: 2.0.7
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Epoch: 5
|
||||
# The entire source code is GPLv2+ except
|
||||
# pgpewrap.c setenv.c sha1.c wcwidth.c which are Public Domain
|
||||
@ -40,6 +40,8 @@ Patch10: mutt-1.9.4-lynx_no_backscapes.patch
|
||||
Patch12: mutt-1.9.5-nodotlock.patch
|
||||
# Fixs compatibility with previous versions
|
||||
Patch13: mutt_disable_ssl_enforce.patch
|
||||
Patch14: mutt-2.0.7-cve-2022-1328.patch
|
||||
|
||||
# Coverity patches
|
||||
# https://cov01.lab.eng.brq.redhat.com/el8-results/el8/mutt-1.9.3-1.el8+7/scan-results-imp.html
|
||||
Patch111: mutt-1.10.1-mutt-1.9.3-1_coverity_166.patch
|
||||
@ -100,6 +102,7 @@ autoreconf --install
|
||||
%patch8 -p1 -b .system_certs
|
||||
%patch9 -p1 -b .ssl_ciphers
|
||||
%patch13 -p1
|
||||
%patch14 -p1 -b .cve-2022-1328
|
||||
|
||||
%patch111 -p1 -b .mutt-1.9.3-1_coverity_166
|
||||
%patch112 -p1 -b .mutt-1.9.3-1_coverity_181
|
||||
@ -224,6 +227,9 @@ ln -sf ./muttrc.5 %{buildroot}%{_mandir}/man5/muttrc.local.5
|
||||
|
||||
|
||||
%changelog
|
||||
* Thu Jul 21 2022 Matej Mužila <mmuzila@redhat.com> - 5:2.0.7-2
|
||||
- Fix CVE-2022-1328 (#2109247)
|
||||
|
||||
* Wed May 5 2021 Filip Januš <fjanus@redhat.com> - 5:2.0.7-1
|
||||
- Upgrade to v2.0.7
|
||||
- New bug fix release
|
||||
|
Loading…
Reference in New Issue
Block a user