Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 29 Jun 2006 17:35:01 +0200 (CEST)
From:      Udo Schweigert <udo.schweigert@siemens.com>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/99613: maintainer-update of mail/mutt-devel
Message-ID:  <200606291535.k5TFZ111012383@alaska.cert.siemens.com>
Resent-Message-ID: <200606291610.k5TGAGmr079493@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         99613
>Category:       ports
>Synopsis:       maintainer-update of mail/mutt-devel
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jun 29 16:10:16 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Udo Schweigert
>Release:        FreeBSD 6.1-RELEASE-p2 i386
>Organization:
>Environment:

>Description:

Maintainer update of mail/mutt-devel:

	- Fix IMAP buffer overflow
	  (http://www.securityfocus.com/bid/18642)

>How-To-Repeat:
>Fix:

diff -ru  /usr/ports/mail/mutt-devel/Makefile ./Makefile
--- /usr/ports/mail/mutt-devel/Makefile	Fri Jun 23 06:07:58 2006
+++ ./Makefile	Thu Jun 29 17:25:17 2006
@@ -107,7 +107,7 @@
 
 PORTNAME=	mutt-devel
 PORTVERSION=	1.5.11
-PORTREVISION?=	2
+PORTREVISION?=	3
 CATEGORIES+=	mail ipv6
 .if defined(WITH_MUTT_NNTP)
 CATEGORIES+=	news
diff -ru  /usr/ports/mail/mutt-devel/files/patch-imap-browse.c ./files/patch-imap-browse.c
--- /usr/ports/mail/mutt-devel/files/patch-imap-browse.c	Thu Jan  1 01:00:00 1970
+++ ./files/patch-imap-browse.c	Thu Jun 29 17:24:49 2006
@@ -0,0 +1,28 @@
+--- imap/browse.c.orig
++++ imap/browse.c
+@@ -505,7 +505,7 @@ static int browse_get_namespace (IMAP_DA
+ 	    if (*s == '\"')
+ 	    {
+ 	      s++;
+-	      while (*s && *s != '\"') 
++	      while (*s && *s != '\"' && n < sizeof (ns) - 1) 
+ 	      {
+ 		if (*s == '\\')
+ 		  s++;
+@@ -516,12 +516,14 @@ static int browse_get_namespace (IMAP_DA
+ 		s++;
+ 	    }
+ 	    else
+-	      while (*s && !ISSPACE (*s)) 
++	      while (*s && !ISSPACE (*s) && n < sizeof (ns) - 1)
+ 	      {
+ 		ns[n++] = *s;
+ 		s++;
+ 	      }
+ 	    ns[n] = '\0';
++	    if (n == sizeof (ns) - 1)
++	      dprint (1, (debugfile, "browse_get_namespace: too long: [%s]\n", ns));
+ 	    /* delim? */
+ 	    s = imap_next_word (s);
+ 	    /* delimiter is meaningless if namespace is "". Why does
+
>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200606291535.k5TFZ111012383>