On Thu, Nov 27, 2014 at 10:42:35PM +0000, Antonio Radici wrote:
> A better debdiff is included, this does not include two vim artifacts at the
> end of the first patch, sorry for the inconvenience.

Again, another debdiff; this time the patch has been modified to correctly skip the case where end == NULL, which is handled later in the function; if that case is not used instead, then mutt will segfault frequently. I expect this to be the last and final debdiff; please disregard the two previous ones.
diff -u mutt-1.5.21/debian/changelog mutt-1.5.21/debian/changelog --- mutt-1.5.21/debian/changelog +++ mutt-1.5.21/debian/changelog @@ -1,3 +1,10 @@ +mutt (1.5.21-6.2+deb7u3) wheezy-security; urgency=high + + * Fix buffer overflow caused by an incorrect parsing of whitespace + characters; also address CVE-2014-0467 (Closes: 771125) + + -- Antonio Radici <anto...@dyne.org> Thu, 27 Nov 2014 21:10:23 +0000 + mutt (1.5.21-6.2+deb7u2) wheezy-security; urgency=high * Non-maintainer upload. diff -u mutt-1.5.21/debian/patches/series mutt-1.5.21/debian/patches/series --- mutt-1.5.21/debian/patches/series +++ mutt-1.5.21/debian/patches/series @@ -54,6 +54,7 @@ upstream/611410-no-implicit_autoview-for-text-html.patch upstream/path_max upstream/CVE-2014-0467.patch +upstream/771125-CVE-2014-9116.patch misc/579967-fixes-german-translation.patch only in patch2: unchanged: --- mutt-1.5.21.orig/debian/patches/upstream/771125-CVE-2014-9116.patch +++ mutt-1.5.21/debian/patches/upstream/771125-CVE-2014-9116.patch 
@@ -0,0 +1,37 @@ +This patches solves the issue raised by CVE-2014-9116 in bug 771125. +The sendlib patch is incorporated from upstream commit: +http://dev.mutt.org/trac/changeset/897dcc62e4aa + +The lib.c part was written by Antonio Radici <anto...@debian.org> to prevent +crashes due to this kind of bugs from happening again. + +Index: mutt/sendlib.c +=================================================================== +--- mutt.orig/sendlib.c ++++ mutt/sendlib.c +@@ -1815,6 +1815,11 @@ static int write_one_header (FILE *fp, i + tagbuf = mutt_substrdup (start, t); + ++t; /* skip over the colon separating the header field name and value */ + SKIPWS(t); /* skip over any leading whitespace */ ++ ++ /* skip over any leading whitespace (WSP, as defined in RFC5322) */ ++ while (*t == ' ' || *t == '\t') ++ t++; ++ + valbuf = mutt_substrdup (t, end); + } + dprint(4,(debugfile,"mwoh: buf[%s%s] too long, " +Index: mutt/lib.c +=================================================================== +--- mutt.orig/lib.c ++++ mutt/lib.c +@@ -814,6 +814,9 @@ char *mutt_substrdup (const char *begin, + size_t len; + char *p; + ++ if (end != NULL && end < begin) ++ return NULL; ++ + if (end) + len = end - begin; + else
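Review bot: The debian/changelog entry cites CVE-2014-0467, while the patch it introduces is named 771125-CVE-2014-9116.patch and its header refers to CVE-2014-9116; upstream/CVE-2014-0467.patch is already listed in debian/patches/series as an unchanged context line. The changelog line should name CVE-2014-9116 so that the upload is tracked against the right identifier.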
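Review bot: In the sendlib.c hunk (write_one_header), the existing SKIPWS(t) call is kept as a context line directly before the added loop, so t has already been advanced by SKIPWS when the loop runs. If SKIPWS skips anything other than space and tab, t can already be past end at that point and the new loop changes nothing. The added comment limits skipping to WSP, which suggests the loop was meant to replace SKIPWS(t) rather than follow it; compare with the upstream changeset cited in the patch header and drop the SKIPWS(t) line if that is the case. As written, the only effective protection appears to be the guard added in lib.c.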
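Review bot: In the lib.c hunk, mutt_substrdup now returns NULL when end < begin, but the call site visible in the sendlib.c hunk, valbuf = mutt_substrdup (t, end);, shows no NULL check on the result. Each caller should be checked for how it uses the returned pointer, since a NULL return turns the overflow into a potential NULL dereference. A short comment above the new test stating why end < begin can occur and what callers must expect would document the changed contract. The condition can also be written as if (end && end < begin) to match the if (end) test that follows.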