branch master updated: gnu: Mutt: Fix CVE-2021-3181.


From: guix-commits
Subject: branch master updated: gnu: Mutt: Fix CVE-2021-3181.
Date: Wed, 20 Jan 2021 19:36:52 -0500

This is an automated email from the git hooks/post-receive script.

lfam pushed a commit to branch master
in repository guix.

The following commit(s) were added to refs/heads/master by this push:
     new 708d3ec  gnu: Mutt: Fix CVE-2021-3181.
708d3ec is described below

commit 708d3ec0de9cfffc933615d92825906efacd4c6d
Author: Leo Famulari <leo@famulari.name>
AuthorDate: Wed Jan 20 19:35:37 2021 -0500

    gnu: Mutt: Fix CVE-2021-3181.
    
    * gnu/packages/patches/mutt-CVE-2021-3181.patch: New file.
    * gnu/local.mk (dist_patch_DATA): Add it.
    * gnu/packages/mail.scm (mutt)[source]: Use it.
---
 gnu/local.mk                                  |  1 +
 gnu/packages/mail.scm                         |  3 +-
 gnu/packages/patches/mutt-CVE-2021-3181.patch | 45 +++++++++++++++++++++++++++
 3 files changed, 48 insertions(+), 1 deletion(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index c631e44..0553c12 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1385,6 +1385,7 @@ dist_patch_DATA =                                         
\
   %D%/packages/patches/mupen64plus-video-z64-glew-correct-path.patch    \
   %D%/packages/patches/musl-cross-locale.patch                 \
   %D%/packages/patches/mutt-store-references.patch             \
+  %D%/packages/patches/mutt-CVE-2021-3181.patch                        \
   %D%/packages/patches/m4-gnulib-libio.patch                   \
   %D%/packages/patches/ncompress-fix-softlinks.patch           \
   %D%/packages/patches/netcdf-date-time.patch                  \
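Review bot: in `dist_patch_DATA` the new `mutt-CVE-2021-3181.patch` entry is placed after `mutt-store-references.patch`, which is out of order if this list is meant to stay sorted (uppercase `C` sorts ahead of `s`). The context lines show the ordering is already loose here (`m4-gnulib-libio.patch` follows the `mutt-*` entries), so this is a style point only; keeping the two mutt patches adjacent, as done, is the part that matters.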
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 5b235ee..ab3a195 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -456,7 +456,8 @@ aliasing facilities to work just as they would on normal 
mail.")
              (sha256
               (base32
                "1m4ig69qw4g3lhm4351snmy5i0ch65fqc9vqqdybr6jy21w7w225"))
-             (patches (search-patches "mutt-store-references.patch"))))
+             (patches (search-patches "mutt-store-references.patch"
+                                      "mutt-CVE-2021-3181.patch"))))
     (build-system gnu-build-system)
     (inputs
      `(("cyrus-sasl" ,cyrus-sasl)
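Review bot: the `patches` field gains `"mutt-CVE-2021-3181.patch"` with no comment in `mail.scm` saying when it can be dropped. The `base32` hash in the context lines is unchanged, so this is a backport onto the release already packaged; a short comment beside `search-patches` noting that the patch goes away at the first version bump containing upstream commit c059e20e would keep it from lingering or failing to apply on the next update.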
diff --git a/gnu/packages/patches/mutt-CVE-2021-3181.patch 
b/gnu/packages/patches/mutt-CVE-2021-3181.patch
new file mode 100644
index 0000000..df5214b
--- /dev/null
+++ b/gnu/packages/patches/mutt-CVE-2021-3181.patch
@@ -0,0 +1,45 @@
+Fix CVE-2021-3181:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3181
+
+Patch copied from upstream source repository:
+
+https://gitlab.com/muttmua/mutt/-/commit/c059e20ea4c7cb3ee9ffd3500ffe313ae84b2545
+
+From c059e20ea4c7cb3ee9ffd3500ffe313ae84b2545 Mon Sep 17 00:00:00 2001
+From: Kevin McCarthy <kevin@8t8.us>
+Date: Sun, 17 Jan 2021 10:40:37 -0800
+Subject: [PATCH] Fix memory leak parsing group address.
+
+When there was a group address terminator with no previous addresses,
+an address would be allocated but not attached to the address list.
+
+Change this to only allocate when last exists.
+
+It would be more correct to not allocate at all unless we are inside a
+group list, but I will address that in a separate commit to master.
+---
+ rfc822.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/rfc822.c b/rfc822.c
+index 7ff4eaa3..ced619f2 100644
+--- a/rfc822.c
++++ b/rfc822.c
+@@ -587,11 +587,10 @@ ADDRESS *rfc822_parse_adrlist (ADDRESS *top, const char 
*s)
+ #endif
+ 
+       /* add group terminator */
+-      cur = rfc822_new_address ();
+       if (last)
+       {
+-      last->next = cur;
+-      last = cur;
++      last->next = rfc822_new_address ();
++      last = last->next;
+       }
+ 
+       phraselen = 0;
+-- 
+GitLab
+
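Review bot: the header of the new patch file identifies the fix only by the CVE link, while the embedded upstream subject is "Fix memory leak parsing group address"; one sentence in the header saying that CVE-2021-3181 is this leak in `rfc822_parse_adrlist` would save the reader a lookup. The upstream message also states that it would be more correct not to allocate at all unless inside a group list and that this is left to a separate commit on master, so it is worth tracking whether that follow-up needs backporting too. For the leak as described the change is sound: `rfc822_new_address ()` is now called only inside `if (last)`, so nothing is allocated when there is no list to attach it to.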


