On Sun, Apr 19, 2026 at 08:44:51AM +0200, Alejandro Colomar via Mutt-dev wrote:
Hi Kevin,On 2026-04-19T13:49:31+0800, Kevin J. McCarthy wrote:The code was not properly checking for a -1 return value in the read, leading to an infinite loop, and printing past the buffer value to the stream. Thanks to [email protected] for the security report. --- This is 2 in the list evilrabbit sent. Thanks for the suggestion Alex, but it reads a little funny compared to the rest of the codebase, so I'm keeping the comparision as is for this fix. :-DThat's fine. :-) Reviewed-by: Alejandro Colomar <[email protected]>
Pushed to stable and merged into master. -- Kevin J. McCarthy GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
signature.asc
Description: PGP signature
