On Thu, Sep 01, 2016 at 07:06:10AM +0000, Antonio Radici wrote:

Hi Antonio.

> Hi Hilmar,
> first of all thanks for your bug report!
> From the Debian Developer Reference [1] I see that:
> =======
> Basically, a package should only be uploaded to stable if one of the following
> happens:
> 
> * a truly critical functionality problem
> 
> * the package becomes uninstallable
> 
> * a released architecture lacks the package
> =======
> 
> One could argue that this is a functionality problem, I can try to open the bug
> to the release team and see what they think, I'll include the patch too and a
> brief description, I'll add the bug here as soon as it is open (hopefully this
> evening at the latest)

I have been recently hit by this. In my experience this patch would be
perfectly fine for a Jessie point release. I haven't seen anything
regarding a mutt stable update, have I missed anything?

I have prepared a stable update on top of the jessie-updates git branch
and verified that it fixes this problem (see attached git patch)

If you agree, but don't have time to discuss this with the release-team
I'm willing to do this on your behalf.

Bernhard
From bc6025525e37ffa82aad19840df3b915324506a6 Mon Sep 17 00:00:00 2001
From: Bernhard Schmidt <be...@debian.org>
Date: Wed, 15 Mar 2017 21:29:53 +0100
Subject: [PATCH] Fix SIGSEGV selecting a GPG key

Import patch from http://dev.mutt.org/hg/mutt/rev/5a86319adad0 as
upstream/763522-fix-segv-selecting-pgpkey.patch to fix a SIGSEGV
when selecting a GPG key from a list

Closes: #763522, #836254
---
 debian/changelog                                   |  8 +++++
 debian/patches/series                              |  1 +
 .../763522-fix-segv-selecting-pgpkey.patch         | 38 ++++++++++++++++++++++
 3 files changed, 47 insertions(+)
 create mode 100644 debian/patches/upstream/763522-fix-segv-selecting-pgpkey.patch

diff --git a/debian/changelog b/debian/changelog
index 18b4ef6..7d9af51 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+mutt (1.5.23-3+deb8u1) jessie; urgency=medium
+
+  [ Bernhard Schmidt ]
+  * Imported upstream/763522-fix-segv-selecting-pgpkey.patch to fix SIGSEGV
+    selecting a GPG key (Closes: #763522, #836254)
+
+ -- Bernhard Schmidt <be...@debian.org>  Wed, 15 Mar 2017 21:30:46 +0100
+
 mutt (1.5.23-3) unstable; urgency=medium
 
   * Fixed upstream/771125-CVE-2014-9116-jessie.patch thanks to Salvatore
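Review bot: the new 1.5.23-3+deb8u1 entry names only the symptom; for a stable upload it should also say what triggers the crash (an empty search string when selecting a key, per the imported changeset description) and cite upstream changeset 5a86319adad0, so the release team can judge the scope from the changelog alone.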
diff --git a/debian/patches/series b/debian/patches/series
index be99f68..90bff8b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -32,6 +32,7 @@ upstream/228671-pipe-mime.patch
 upstream/383769-score-match.patch
 upstream/603288-split-fetches.patch
 upstream/611410-no-implicit_autoview-for-text-html.patch
+upstream/763522-fix-segv-selecting-pgpkey.patch
 upstream/path_max.patch
 translations/update_german_translation.patch
 upstream/771125-CVE-2014-9116-jessie.patch
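Review bot: the new series line is inserted between 611410-no-implicit_autoview-for-text-html.patch and path_max.patch rather than appended, and quilt applies patches in series order, so please confirm that path_max.patch and the later entries still apply without fuzz or offsets on top of the pgpkey.c change, or append the new patch after 771125-CVE-2014-9116-jessie.patch instead.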
diff --git a/debian/patches/upstream/763522-fix-segv-selecting-pgpkey.patch b/debian/patches/upstream/763522-fix-segv-selecting-pgpkey.patch
new file mode 100644
index 0000000..e8f8c93
--- /dev/null
+++ b/debian/patches/upstream/763522-fix-segv-selecting-pgpkey.patch
@@ -0,0 +1,38 @@
+
+# HG changeset patch
+# User Kevin McCarthy <ke...@8t8.us>
+# Date 1420511339 28800
+# Node ID 5a86319adad0d17e4acaf8a580bfc9eb247547d0
+# Parent  1b583341d5ad677c8a1935eb4110eba27606878a
+Fix segv in pgp_getkeybystr().  (closes #3725)
+
+When searching for keys, and the user supplies "" to match against,
+pgp_getkeybystr will have values:
+  p = "";
+  l = 0;
+After returning from pgp_select_key(), it will try to assign to
+p[l-1].
+
+(As a note, the function is chopping off and restoring the trailing
+"!" character because of ticket #1928.)
+
+diff -r 1b583341d5ad -r 5a86319adad0 pgpkey.c
+--- a/pgpkey.c	Sun Sep 07 11:04:54 2014 -0700
++++ b/pgpkey.c	Mon Jan 05 18:28:59 2015 -0800
+@@ -985,13 +985,13 @@
+       pgp_remove_key (&matches, k);
+ 
+     pgp_free_key (&matches);
+-    if (!p[l-1])
++    if (l && !p[l-1])
+       p[l-1] = '!';
+     return k;
+   }
+ 
+ out:
+-  if (!p[l-1])
++  if (l && !p[l-1])
+     p[l-1] = '!';
+   return NULL;
+ }
+
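Review bot: in the embedded pgpkey.c change, both restore sites now test l before touching p[l-1], but the place where the trailing "!" is chopped off (mentioned in the changeset description) lies outside the context shown here, so it is worth confirming that it cannot index p[l-1] with l == 0 either. Separately, the imported file starts with an empty line and carries only the Mercurial header; adding DEP-3 fields (Origin: with the upstream changeset URL, Bug-Debian: for #763522 and #836254) would make the provenance explicit for the stable review.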
-- 
2.11.0
