packages/mutt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2022-1328

Browse Source
This commit is contained in:
starlet-dx 2022-04-24 11:26:14 +08:00
parent 303cd9d1ad
commit 7b4a548f7c
2 changed files with 48 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
CVE-2022-1328.patch Normal file
View File

@ -0,0 +1,40 @@
From e5ed080c00e59701ca62ef9b2a6d2612ebf765a5 Mon Sep 17 00:00:00 2001
From: Kevin McCarthy <kevin@8t8.us>
Date: Tue, 5 Apr 2022 11:05:52 -0700
Subject: [PATCH] Fix uudecode buffer overflow.
mutt_decode_uuencoded() used each line's initial "length character"
without any validation. It would happily read past the end of the
input line, and with a suitable value even past the length of the
input buffer.
As I noted in ticket 404, there are several other changes that could
be added to make the parser more robust. However, to avoid
accidentally introducing another bug or regression, I'm restricting
this patch to simply addressing the overflow.
Thanks to Tavis Ormandy for reporting the issue, along with a sample
message demonstrating the problem.
---
handler.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/handler.c b/handler.c
index d1b4bc73..c97cf0cb 100644
--- a/handler.c
+++ b/handler.c
@@ -404,9 +404,9 @@ static void mutt_decode_uuencoded (STATE *s, LOFF_T len, int istext, iconv_t cd)
pt = tmps;
linelen = decode_byte (*pt);
pt++;
- for (c = 0; c < linelen;)
+ for (c = 0; c < linelen && *pt;)
{
- for (l = 2; l <= 6; l += 2)
+ for (l = 2; l <= 6 && *pt && *(pt + 1); l += 2)
{
out = decode_byte (*pt) << l;
pt++;
--
GitLab

11
mutt.spec
View File

@ -1,6 +1,6 @@
Name: mutt Name: mutt
Version: 2.1.3 Version: 2.1.3
Release: 1 Release: 2
Epoch: 5 Epoch: 5
Summary: Text-based mail client Summary: Text-based mail client
License: GPLv2+ and Public Domain License: GPLv2+ and Public Domain
@ -16,6 +16,8 @@ Patch5: mutt-1.9.4-lynx_no_backscapes.patch
Patch6: mutt-1.9.5-nodotlock.patch Patch6: mutt-1.9.5-nodotlock.patch
Patch7: mutt-1.10.0-muttrc.patch Patch7: mutt-1.10.0-muttrc.patch
Patch8: mutt-1.12.1-optusegpgagent.patch Patch8: mutt-1.12.1-optusegpgagent.patch
#https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5.patch
Patch9: CVE-2022-1328.patch
BuildRequires: gcc ncurses-devel gettext automake /usr/bin/xsltproc BuildRequires: gcc ncurses-devel gettext automake /usr/bin/xsltproc
BuildRequires: lynx docbook-style-xsl perl-interpreter perl-generators BuildRequires: lynx docbook-style-xsl perl-interpreter perl-generators
@ -123,16 +125,19 @@ ln -sf ./muttrc.5 %{buildroot}%{_mandir}/man5/muttrc.local.5
%{_infodir}/mutt.info.* %{_infodir}/mutt.info.*
%changelog %changelog
* Sun Apr 24 2022 yaoxin <yaoxin30@h-partners.com> - 2.1.3-2
- Fix CVE-2022-1328
* Tue Dec 28 2021 gaihuiying1<gaihuiying@huawei.com> - 2.1.3-1 * Tue Dec 28 2021 gaihuiying1<gaihuiying@huawei.com> - 2.1.3-1
- Type:requirement - Type:requirement
- Id:NA - Id:NA
- SUG:NA - SUG:NA
- DESC:update mutt to 2.1.3 - DESC:update mutt to 2.1.3
- Fri Oct 15 2021 yaoxin<yaoxin30@huawei.com> - 1.10.1-7 * Fri Oct 15 2021 yaoxin<yaoxin30@huawei.com> - 1.10.1-7
- fix CVE-2020-14154 - fix CVE-2020-14154
- Tue Jul 27 2021 wangyue<wangyue92@huawei.com> - 1.10.1-6 * Tue Jul 27 2021 wangyue<wangyue92@huawei.com> - 1.10.1-6
- fix CVE-2020-14093 - fix CVE-2020-14093
* Fri Jul 23 2021 yaoxin<yaoxin30@huawei.com> - 1.10.1-5 * Fri Jul 23 2021 yaoxin<yaoxin30@huawei.com> - 1.10.1-5