mutt - CVE-2006-3242
Kacper Kornet
kornet at camk.edu.pl
Wed, 12 Jul 2006, 18:43:23 CEST
Hello,
The mutt in AC is probably vulnerable (CVE-2006-3242). I'm sending a patch
that fixes it.
Regards,
--
Kacper Kornet
-------------- next part ---------
Index: mutt.spec
===================================================================
RCS file: /cvsroot/SPECS/mutt.spec,v
retrieving revision 1.183
diff -u -r1.183 mutt.spec
--- mutt.spec 22 Aug 2005 13:12:02 -0000 1.183
+++ mutt.spec 12 Jul 2006 16:32:53 -0000
@@ -20,7 +20,7 @@
Summary(uk): đĎŰÔĎ×Á ËĚŚ¤ÎÔÓŘËÁ ĐŇĎÇŇÁÍÁ Mutt
Name: mutt
Version: 1.4.2.1
-Release: 10
+Release: 10.1
Epoch: 6
License: GPL
Group: Applications/Mail
@@ -54,6 +54,7 @@
Patch22: %{name}-kill_warnings.patch
Patch23: %{name}-Muttrc_mbox_path.patch
Patch24: %{name}-po.patch
+Patch25: %{name}-CVE-2006-3242.patch
URL: http://www.mutt.org/
BuildRequires: autoconf
BuildRequires: automake
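Review bot: the new Patch25 line points at %{name}-CVE-2006-3242.patch, but this spec diff does not carry that file; the browse.c diff attached separately has to be committed as mutt-CVE-2006-3242.patch together with the spec, otherwise the build will not find it. A short comment above the Patch25 line naming the upstream browse.c revision (1.34.2.3) would keep the origin of the fix traceable.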
@@ -160,6 +161,7 @@
%patch22 -p1
%patch23 -p1
%patch24 -p1
+%patch25 -p1
# force regeneration (manual.sgml is modified by some patches)
rm -f doc/{manual*.html,manual.txt}
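Review bot: %patch25 -p1 depends on the path prefix used inside the patch file. The attached diff names the file as mutt/imap/browse.c, so -p1 strips it to imap/browse.c, which is right only if the patch is applied from the top of the mutt source tree, as patches 22 to 24 are. The diff was taken between CVS revisions 1.34.2.2 and 1.34.2.3, so confirm that its offsets (@@ -452 and @@ -463) apply to the 1.4.2.1 sources without fuzz.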
-------------- next part ---------
===================================================================
RCS file: /var/lib/cvsd/cvsroots/mutt/imap/browse.c,v
retrieving revision 1.34.2.2
retrieving revision 1.34.2.3
diff -u -r1.34.2.2 -r1.34.2.3
--- mutt/imap/browse.c 2002/02/26 10:38:56 1.34.2.2
+++ mutt/imap/browse.c 2006/06/19 18:20:00 1.34.2.3
@@ -452,7 +452,7 @@
if (*s == '\"')
{
s++;
- while (*s && *s != '\"')
+ while (*s && *s != '\"' && n < sizeof (ns) - 1)
{
if (*s == '\\')
s++;
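Review bot: the new bound in the quoted-string loop, n < sizeof (ns) - 1, is correct only if ns is a char array declared in this function; the declaration is outside the hunk, and for a pointer sizeof would give the pointer size instead of the buffer size. The type of n matters too: sizeof yields size_t, so a signed n is converted to unsigned in the comparison, which is harmless only as long as n never goes negative. The escape handling below it (if (*s == '\\') s++;) advances s without rechecking for the terminating NUL in the lines shown, so confirm that the copy which follows cannot step past the end of the input.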
@@ -463,12 +463,14 @@
s++;
}
else
- while (*s && !ISSPACE (*s))
+ while (*s && !ISSPACE (*s) && n < sizeof (ns) - 1)
{
ns[n++] = *s;
s++;
}
ns[n] = '\0';
+ if (n == sizeof (ns) - 1)
+ dprint (1, (debugfile, "browse_get_namespace: too long: [%s]\n", ns));
/* delim? */
s = imap_next_word (s);
/* delimiter is meaningless if namespace is "". Why does
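Review bot: when either loop stops on the length bound, s is left in the middle of the over-long name and parsing carries on as if the name had ended. In the quoted branch the s++ after the loop then skips an arbitrary character rather than the closing quote, and the delimiter parsing at imap_next_word (s) starts from inside the name. Consider consuming the rest of the token (up to the closing quote or the next whitespace), or rejecting the namespace, once truncation is detected. The check n == sizeof (ns) - 1 also reports "too long" for a name that fits exactly, and because it goes through dprint the truncation is visible only in debug output.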