r15687 - in /packages/etch/balsa/debian: changelog patches/01_CVE-2007-5007.patch
joss at users.alioth.debian.org
joss at users.alioth.debian.org
Fri Apr 18 11:26:17 UTC 2008
Author: joss
Date: Fri Apr 18 11:26:17 2008
New Revision: 15687
URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=15687
Log:
01_CVE-2007-5007.patch: fix for stack-based buffer overflow in the
ir_fetch_seq function, which might allow remote IMAP servers to
execute arbitrary code via a long response to a FETCH command.
Thanks Evil Ninja Squirrel for discovering the issue and providing a
patch, and Nico Golde for signaling it.
Added:
packages/etch/balsa/debian/patches/01_CVE-2007-5007.patch
Modified:
packages/etch/balsa/debian/changelog
Modified: packages/etch/balsa/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/packages/etch/balsa/debian/changelog?rev=15687&op=diff
==============================================================================
--- packages/etch/balsa/debian/changelog (original)
+++ packages/etch/balsa/debian/changelog Fri Apr 18 11:26:17 2008
@@ -1,3 +1,13 @@
+balsa (2.3.13-3) stable; urgency=low
+
+ * 01_CVE-2007-5007.patch: fix for stack-based buffer overflow in the
+ ir_fetch_seq function, which might allow remote IMAP servers to
+ execute arbitrary code via a long response to a FETCH command.
+ Thanks Evil Ninja Squirrel for discovering the issue and providing a
+ patch, and Nico Golde for signaling it.
+
+ -- Josselin Mouette <joss at debian.org> Fri, 18 Apr 2008 13:23:27 +0200
+
balsa (2.3.13-2) unstable; urgency=low
* Rebuild against libgmime-2.0-2-dev which supersedes libgmime2.1-dev.
Added: packages/etch/balsa/debian/patches/01_CVE-2007-5007.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/packages/etch/balsa/debian/patches/01_CVE-2007-5007.patch?rev=15687&op=file
==============================================================================
--- packages/etch/balsa/debian/patches/01_CVE-2007-5007.patch (added)
+++ packages/etch/balsa/debian/patches/01_CVE-2007-5007.patch Fri Apr 18 11:26:17 2008
@@ -1,0 +1,13 @@
+Index: libbalsa/imap/imap-handle.c
+===================================================================
+--- libbalsa/imap/imap-handle.c (revision 7691)
++++ libbalsa/imap/imap-handle.c (working copy)
+@@ -3606,7 +3606,7 @@
+ if(seqno<1 || seqno > h->exists) return IMR_PROTOCOL;
+ if(sio_getc(h->sio) != '(') return IMR_PROTOCOL;
+ do {
+- for(i=0; (c = sio_getc(h->sio)) != -1; i++) {
++ for(i=0; ((c = sio_getc(h->sio)) != -1) && (i < LONG_STRING - 1); i++) {
+ c = toupper(c);
+ if( !( (c >='A' && c<='Z') || (c >='0' && c<='9') || c == '.') ) break;
+ atom[i] = c;
More information about the pkg-gnome-commits
mailing list