fix CVE-2021-3181

zhanghua1831 2021-02-20 11:12:16 +08:00
parent d056258811
commit fa233dd501
2 changed files with 44 additions and 1 deletions

CVE-2021-3181.patch Normal file

@ -0,0 +1,39 @@
From 4a2becbdb4422aaffe3ce314991b9d670b7adf17 Mon Sep 17 00:00:00 2001
From: Kevin McCarthy <kevin@8t8.us>
Date: Sun, 17 Jan 2021 10:40:37 -0800
Subject: [PATCH] Fix memory leak parsing group addresses without a display
name.
When there was a group address terminator with no previous
addresses (including the group display-name), an address would be
allocated but not attached to the address list.
Change this to only allocate when last exists.
It would be more correct to not allocate at all unless we are inside a
group list, but I will address that in a separate commit to master.
---
rfc822.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/rfc822.c b/rfc822.c
index 7ff4eaa3..ced619f2 100644
--- a/rfc822.c
+++ b/rfc822.c
@@ -587,11 +587,10 @@ ADDRESS *rfc822_parse_adrlist (ADDRESS *top, const char *s)
#endif
/* add group terminator */
- cur = rfc822_new_address ();
if (last)
{
- last->next = cur;
- last = cur;
+ last->next = rfc822_new_address ();
+ last = last->next;
}
phraselen = 0;
--
GitLab
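Review bot: In the rfc822.c hunk, the group terminator is still appended for any `;` whenever `last` is non-NULL, whether or not a group was actually opened, which the patch description itself flags as not fully correct. Record in the packaging notes that this backport is the minimal leak fix and track the upstream follow-up it mentions. With `cur = rfc822_new_address ();` removed, `cur` is no longer assigned on this path, so confirm against the 1.10.1 source that nothing later in rfc822_parse_adrlist reads `cur` expecting the terminator node. Also check that the hunk, generated at line 587 of upstream rfc822.c, applies to 1.10.1 without fuzz.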


@ -1,6 +1,6 @@
Name: mutt Name: mutt
Version: 1.10.1 Version: 1.10.1
Release: 3 Release: 4
Epoch: 5 Epoch: 5
Summary: Text-based mail client Summary: Text-based mail client
License: GPLv2+ and Public Domain License: GPLv2+ and Public Domain
@ -16,6 +16,7 @@ Patch3: mutt-1.7.0-syncdebug.patch
Patch8: mutt-1.5.23-system_certs.patch Patch8: mutt-1.5.23-system_certs.patch
Patch9: mutt-1.9.0-ssl_ciphers.patch Patch9: mutt-1.9.0-ssl_ciphers.patch
Patch13: CVE-2020-28896.patch Patch13: CVE-2020-28896.patch
Patch14: CVE-2021-3181.patch
BuildRequires: gcc ncurses-devel gettext automake /usr/bin/xsltproc BuildRequires: gcc ncurses-devel gettext automake /usr/bin/xsltproc
BuildRequires: lynx docbook-style-xsl perl-interpreter perl-generators BuildRequires: lynx docbook-style-xsl perl-interpreter perl-generators
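Review bot: `Patch14: CVE-2021-3181.patch` is declared in this hunk, but no hunk in the spec diff touches %prep, and the commit total (44 additions, 39 of them the new patch file) leaves no room for a %patch14 line. If the spec applies patches through %autosetup or %autopatch this is fine; if it lists %patch lines individually, add the matching one for Patch14, otherwise the package ships as 1.10.1-4 without the fix compiled in.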
@ -120,6 +121,9 @@ ln -sf ./muttrc.5 %{buildroot}%{_mandir}/man5/muttrc.local.5
%{_mandir}/man5/muttrc.* %{_mandir}/man5/muttrc.*
%changelog %changelog
* Sat Feb 20 2021 zhanghua<zhanghua40@huawei.com> - 1.10.1-4
- fix CVE-2021-3181
* Thu Jan 07 2021 wangyue<wangyue92@huawei.com> - 1.10.1-3 * Thu Jan 07 2021 wangyue<wangyue92@huawei.com> - 1.10.1-3
- fix CVE-2020-28896 - fix CVE-2020-28896