r15687 - in /packages/etch/balsa/debian: changelog patches/01_CVE-2007-5007.patch

joss at users.alioth.debian.org
Fri Apr 18 11:26:17 UTC 2008


Author: joss
Date: Fri Apr 18 11:26:17 2008
New Revision: 15687

URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=15687
Log:
01_CVE-2007-5007.patch: fix for stack-based buffer overflow in the 
ir_fetch_seq function, which might allow remote IMAP servers to 
execute arbitrary code via a long response to a FETCH command.
Thanks Evil Ninja Squirrel for discovering the issue and providing a 
patch, and Nico Golde for signaling it.

Added:
    packages/etch/balsa/debian/patches/01_CVE-2007-5007.patch
Modified:
    packages/etch/balsa/debian/changelog

Modified: packages/etch/balsa/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/packages/etch/balsa/debian/changelog?rev=15687&op=diff
==============================================================================
--- packages/etch/balsa/debian/changelog (original)
+++ packages/etch/balsa/debian/changelog Fri Apr 18 11:26:17 2008
@@ -1,3 +1,13 @@
+balsa (2.3.13-3) stable; urgency=low
+
+  * 01_CVE-2007-5007.patch: fix for stack-based buffer overflow in the 
+    ir_fetch_seq function, which might allow remote IMAP servers to 
+    execute arbitrary code via a long response to a FETCH command.
+    Thanks Evil Ninja Squirrel for discovering the issue and providing a 
+    patch, and Nico Golde for signaling it.
+
+ -- Josselin Mouette <joss at debian.org>  Fri, 18 Apr 2008 13:23:27 +0200
+
 balsa (2.3.13-2) unstable; urgency=low
 
   * Rebuild against libgmime-2.0-2-dev which supersedes libgmime2.1-dev.
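Review bot: the new entry `balsa (2.3.13-3) stable; urgency=low` takes the next plain revision after the unstable `2.3.13-2` for an upload targeted at stable, so a later unstable upload that also increments the revision would end up with the same version number for different contents; a stable-specific revision suffix would keep the two apart. `urgency=low` also sits oddly next to a description that says a remote IMAP server might execute arbitrary code, and the entry cites no bug number, so consider raising the urgency and adding a bug reference if one exists.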

Added: packages/etch/balsa/debian/patches/01_CVE-2007-5007.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/packages/etch/balsa/debian/patches/01_CVE-2007-5007.patch?rev=15687&op=file
==============================================================================
--- packages/etch/balsa/debian/patches/01_CVE-2007-5007.patch (added)
+++ packages/etch/balsa/debian/patches/01_CVE-2007-5007.patch Fri Apr 18 11:26:17 2008
@@ -1,0 +1,13 @@
+Index: libbalsa/imap/imap-handle.c
+===================================================================
+--- libbalsa/imap/imap-handle.c	(revision 7691)
++++ libbalsa/imap/imap-handle.c	(working copy)
+@@ -3606,7 +3606,7 @@
+   if(seqno<1 || seqno > h->exists) return IMR_PROTOCOL;
+   if(sio_getc(h->sio) != '(') return IMR_PROTOCOL;
+   do {
+-    for(i=0; (c = sio_getc(h->sio)) != -1; i++) {
++    for(i=0; ((c = sio_getc(h->sio)) != -1) && (i < LONG_STRING - 1); i++) {
+       c = toupper(c);
+       if( !( (c >='A' && c<='Z') || (c >='0' && c<='9') || c == '.') ) break;
+       atom[i] = c;
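Review bot: in the new loop condition the read `(c = sio_getc(h->sio)) != -1` is evaluated before `i < LONG_STRING - 1`, so when the bound is what stops the loop, one more character has already been taken from the stream and is never stored in `atom`, and the over-long atom is silently truncated. Testing the bound first, or returning IMR_PROTOCOL when the atom does not fit (as the two checks above the loop already do for other malformed input), would reject an over-long response instead of carrying on with a truncated atom and a consumed character. The hunk shows neither the declaration of `atom` nor the code that terminates it, so it is worth confirming that `atom` holds at least LONG_STRING bytes and that the terminator is written at index `i`, which is what the `- 1` presumes. The patch file also starts directly at `Index:`; a short header naming the CVE and the origin of the fix would help whoever maintains it later.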



