[gentoo-commits] gentoo-x86 commit in mail-client/mutt/files: mutt-1.5.22-cve-2014-0567.patch

[gentoo-commits] gentoo-x86 commit in mail-client/mutt/files: mutt-1.5.22-cve-2014-0567.patch

[Alexander Vershilov (qnikst)]

qnikst      14/03/13 20:44:53

  Added:                mutt-1.5.22-cve-2014-0567.patch
  Log:
  fix buffer overflow issue (CVE-2014-0567), bug #504462
  
  (Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key 0xEAD50D64D8D3571A!)

Revision  Changes    Path
1.1                  mail-client/mutt/files/mutt-1.5.22-cve-2014-0567.patch

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/mail-client/mutt/files/mutt-1.5.22-cve-2014-0567.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/mail-client/mutt/files/mutt-1.5.22-cve-2014-0567.patch?rev=1.1&content-type=text/plain

Index: mutt-1.5.22-cve-2014-0567.patch
===================================================================
# HG changeset patch
# User Michael Elkins <me@sigpipe.org>
# Date 1394556009 25200
#      Tue Mar 11 09:40:09 2014 -0700
# Branch stable
# Node ID 9bf7593e3c08cc32bd69595d5c1cac75c29ba09d
# Parent  3d5e23a66a1a179d9be25767e634174905ae2bdb
Fix buffer overrun caused by not updating a string length after address expansion.

diff --git a/copy.c b/copy.c
--- a/copy.c
+++ b/copy.c
@@ -254,6 +254,7 @@
     {
       if (!address_header_decode (&this_one))
 	rfc2047_decode (&this_one);
+      this_one_len = mutt_strlen (this_one);
     }
     
     if (!headers[x])

[gentoo-commits] gentoo-x86 commit in mail-client/mutt/files: mutt-1.5.22-cve-2014-0567.patch

[Fabian Groffen (grobian)]

grobian     15/04/23 07:44:50

  Removed:              mutt-1.5.22-cve-2014-0567.patch
  Log:
  Drop vulnerable version
  
  (Portage version: 2.2.14-prefix/cvs/SunOS i386, signed Manifest commit with key 0x5F75F607C5C74E89)