import mutt-2.0.7-2.el8

2022-08-05 10:14:01 +00:00 · 2022-08-05 10:14:01 +00:00 · 7bb7dc5c49
parent 5d75090b8d
commit 7bb7dc5c49
2 changed files with 47 additions and 1 deletions
--- a/SOURCES/mutt-2.0.7-cve-2022-1328.patch
+++ b/SOURCES/mutt-2.0.7-cve-2022-1328.patch
@ -0,0 +1,40 @@
+From e5ed080c00e59701ca62ef9b2a6d2612ebf765a5 Mon Sep 17 00:00:00 2001
+From: Kevin McCarthy <kevin@8t8.us>
+Date: Tue, 5 Apr 2022 11:05:52 -0700
+Subject: [PATCH] Fix uudecode buffer overflow.
+
+mutt_decode_uuencoded() used each line's initial "length character"
+without any validation.  It would happily read past the end of the
+input line, and with a suitable value even past the length of the
+input buffer.
+
+As I noted in ticket 404, there are several other changes that could
+be added to make the parser more robust.  However, to avoid
+accidentally introducing another bug or regression, I'm restricting
+this patch to simply addressing the overflow.
+
+Thanks to Tavis Ormandy for reporting the issue, along with a sample
+message demonstrating the problem.
+---
+ handler.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/handler.c b/handler.c
+index d1b4bc73..c97cf0cb 100644
+--- a/handler.c
+++ b/handler.c
+@@ -404,9 +404,9 @@ static void mutt_decode_uuencoded (STATE *s, LOFF_T len, int istext, iconv_t cd)
+     pt = tmps;
+     linelen = decode_byte (*pt);
+     pt++;
+-    for (c = 0; c < linelen;)
+    for (c = 0; c < linelen && *pt;)
+     {
+-      for (l = 2; l <= 6; l += 2)
+      for (l = 2; l <= 6 && *pt && *(pt + 1); l += 2)
+       {
+ 	out = decode_byte (*pt) << l;
+ 	pt++;
+-- 
+2.34.1
+
--- a/SPECS/mutt.spec
+++ b/SPECS/mutt.spec
@ -20,7 +20,7 @@
 Summary: A text mode mail user agent
 Name: mutt
 Version: 2.0.7
-Release: 1%{?dist}
+Release: 2%{?dist}
 Epoch: 5
 # The entire source code is GPLv2+ except
 # pgpewrap.c setenv.c sha1.c wcwidth.c which are Public Domain
@ -40,6 +40,8 @@ Patch10: mutt-1.9.4-lynx_no_backscapes.patch
 Patch12: mutt-1.9.5-nodotlock.patch
 # Fixs compatibility with previous versions
 Patch13: mutt_disable_ssl_enforce.patch
+Patch14: mutt-2.0.7-cve-2022-1328.patch
+
 # Coverity patches
 # https://cov01.lab.eng.brq.redhat.com/el8-results/el8/mutt-1.9.3-1.el8+7/scan-results-imp.html
 Patch111: mutt-1.10.1-mutt-1.9.3-1_coverity_166.patch
@ -100,6 +102,7 @@ autoreconf --install
 %patch8 -p1 -b .system_certs
 %patch9 -p1 -b .ssl_ciphers
 %patch13 -p1
+%patch14 -p1 -b .cve-2022-1328

 %patch111 -p1 -b .mutt-1.9.3-1_coverity_166
 %patch112 -p1 -b .mutt-1.9.3-1_coverity_181
@ -224,6 +227,9 @@ ln -sf ./muttrc.5 %{buildroot}%{_mandir}/man5/muttrc.local.5


 %changelog
+* Thu Jul 21 2022 Matej Mužila <mmuzila@redhat.com> - 5:2.0.7-2
+- Fix CVE-2022-1328 (#2109247)
+
 * Wed May 5 2021 Filip Januš <fjanus@redhat.com> - 5:2.0.7-1
 - Upgrade to v2.0.7
 - New bug fix release