[SVN] r847 - in /trunk/cyrus-imapd-2.2.13/debian: changelog patches/0025-upstream-fix-cve-2009-3235.dpatch
debian at incase.de
debian at incase.de
Wed Sep 23 13:38:04 UTC 2009
Author: hmh
Date: Wed Sep 23 15:38:04 2009
New Revision: 847
URL: https://mail.incase.de/viewcvs?rev=847&root=cyrus22&view=rev
Log:
* sieve/bc_eval.c (0025-upstream-fix-cve-2009-3235.dpatch):
update for completeness to match the patch used by the security-team:
use snprintf for scount, to future-proof against "int" larger than
64 bits.
Modified:
trunk/cyrus-imapd-2.2.13/debian/changelog
trunk/cyrus-imapd-2.2.13/debian/patches/0025-upstream-fix-cve-2009-3235.dpatch
Modified: trunk/cyrus-imapd-2.2.13/debian/changelog
URL: https://mail.incase.de/viewcvs/trunk/cyrus-imapd-2.2.13/debian/changelog?rev=847&root=cyrus22&r1=846&r2=847&view=diff
==============================================================================
--- trunk/cyrus-imapd-2.2.13/debian/changelog (original)
+++ trunk/cyrus-imapd-2.2.13/debian/changelog Wed Sep 23 15:38:04 2009
@@ -1,8 +1,12 @@
cyrus-imapd-2.2 (2.2.13-18) UNRELEASED; urgency=low
* NOT RELEASED YET
-
- -- Henrique de Moraes Holschuh <hmh at debian.org> Tue, 22 Sep 2009 23:26:20 -0300
+ * sieve/bc_eval.c (0025-upstream-fix-cve-2009-3235.dpatch):
+ update for completeness to match the patch used by the security-team:
+ use snprintf for scount, to future-proof against "int" larger than
+ 64 bits.
+
+ -- Henrique de Moraes Holschuh <hmh at debian.org> Wed, 23 Sep 2009 09:22:07 -0300
cyrus-imapd-2.2 (2.2.13-17) unstable; urgency=high
Modified: trunk/cyrus-imapd-2.2.13/debian/patches/0025-upstream-fix-cve-2009-3235.dpatch
URL: https://mail.incase.de/viewcvs/trunk/cyrus-imapd-2.2.13/debian/patches/0025-upstream-fix-cve-2009-3235.dpatch?rev=847&root=cyrus22&r1=846&r2=847&view=diff
==============================================================================
--- trunk/cyrus-imapd-2.2.13/debian/patches/0025-upstream-fix-cve-2009-3235.dpatch (original)
+++ trunk/cyrus-imapd-2.2.13/debian/patches/0025-upstream-fix-cve-2009-3235.dpatch Wed Sep 23 15:38:04 2009
@@ -6,8 +6,8 @@
@DPATCH@
diff -urNad cyrus-imapd-2.2.13~/sieve/bc_eval.c cyrus-imapd-2.2.13/sieve/bc_eval.c
---- cyrus-imapd-2.2.13~/sieve/bc_eval.c 2009-09-22 18:47:23.000000000 -0300
-+++ cyrus-imapd-2.2.13/sieve/bc_eval.c 2009-09-22 18:57:26.479167505 -0300
+--- cyrus-imapd-2.2.13~/sieve/bc_eval.c 2009-09-23 09:18:50.557332445 -0300
++++ cyrus-imapd-2.2.13/sieve/bc_eval.c 2009-09-23 09:20:15.831016330 -0300
@@ -440,7 +440,7 @@
int comparator=ntohl(bc[i+3].value);
int apart=ntohl(bc[i+4].value);
@@ -17,6 +17,15 @@
int isReg = (match==B_REGEX);
int ctag = 0;
regex_t *reg;
+@@ -574,7 +574,7 @@
+
+ if (match == B_COUNT)
+ {
+- sprintf(scount, "%u", count);
++ snprintf(scount, sizeof(scount), "%u", count);
+ /* search through all the data */
+ currd=datai+2;
+ for (z=0; z<numdata && !res; z++)
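Review bot: The return value of the added `snprintf(scount, sizeof(scount), "%u", count);` is discarded, so if the buffer is ever too small the count is silently truncated and the B_COUNT comparison in the loop that follows runs against a wrong string. Since the change is meant as future-proofing, I would capture the result and reject truncation, e.g. `n = snprintf(scount, sizeof(scount), "%u", count);` followed by `if (n < 0 || (size_t)n >= sizeof(scount))` branching to whatever error path the function uses (not visible here). `sizeof(scount)` is the buffer size only if `scount` is an array declared in this function rather than a pointer; its declaration, like the start and end of the enclosing function, is outside this hunk and should be confirmed. The same points apply to the identical call added in the second B_COUNT block, under the inner `@@ -689,7 +689,7 @@` header.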
@@ -608,7 +608,7 @@
int relation=ntohl(bc[i+2].value);
int comparator=ntohl(bc[i+3].value);
@@ -26,9 +35,18 @@
int isReg = (match==B_REGEX);
int ctag = 0;
regex_t *reg;
+@@ -689,7 +689,7 @@
+
+ if (match == B_COUNT )
+ {
+- sprintf(scount, "%u", count);
++ snprintf(scount, sizeof(scount), "%u", count);
+ /*search through all the data*/
+ currd=datai+2;
+ for (z=0; z<numdata && !res; z++)
diff -urNad cyrus-imapd-2.2.13~/sieve/script.c cyrus-imapd-2.2.13/sieve/script.c
---- cyrus-imapd-2.2.13~/sieve/script.c 2009-09-22 18:57:09.666668946 -0300
-+++ cyrus-imapd-2.2.13/sieve/script.c 2009-09-22 18:57:26.479167505 -0300
+--- cyrus-imapd-2.2.13~/sieve/script.c 2009-09-23 09:18:51.474832314 -0300
++++ cyrus-imapd-2.2.13/sieve/script.c 2009-09-23 09:18:51.627330879 -0300
@@ -526,9 +526,9 @@
if ((ret != SIEVE_OK) && interp->err) {
char buf[1024];
@@ -42,8 +60,8 @@
ret |= interp->execute_err(buf, interp->interp_context,
diff -urNad cyrus-imapd-2.2.13~/sieve/sieve.y cyrus-imapd-2.2.13/sieve/sieve.y
---- cyrus-imapd-2.2.13~/sieve/sieve.y 2009-09-22 18:47:23.000000000 -0300
-+++ cyrus-imapd-2.2.13/sieve/sieve.y 2009-09-22 18:57:26.479167505 -0300
+--- cyrus-imapd-2.2.13~/sieve/sieve.y 2009-09-23 09:18:50.557332445 -0300
++++ cyrus-imapd-2.2.13/sieve/sieve.y 2009-09-23 09:18:51.627330879 -0300
@@ -923,7 +923,7 @@
else if (!strcmp(r, "ne")) {return NE;}
else if (!strcmp(r, "eq")) {return EQ;}