mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-16 04:17:25 +00:00
procmail: patch CVE-2014-3618
Take patch from Debian.
https://sources.debian.org/data/main/p/procmail/3.22-20%2Bdeb7u1/debian/patches/CVE-2014-3618.patch
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8378820dab)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
committed by
Gyorgy Sarvari
parent
746ef0c9fb
commit
3de4b5bc92
@@ -0,0 +1,29 @@
|
|||||||
|
Description: Fix heap-overflow in formail
|
||||||
|
CVE-2014-3618: Heap-overflow in formail when processing
|
||||||
|
specially-crafted email headers.
|
||||||
|
Origin: http://www.openwall.com/lists/oss-security/2014/09/03/8
|
||||||
|
Bug-Debian: https://bugs.debian.org/704675
|
||||||
|
Bug-Debian: https://bugs.debian.org/760443
|
||||||
|
Forwarded: not-needed
|
||||||
|
Last-Update: 2014-09-04
|
||||||
|
|
||||||
|
CVE: CVE-2014-3618
|
||||||
|
Upstream-Status: Inactive-Upstream [lastrelease: 2001]
|
||||||
|
Signed-off-by: Peter Marko <peter.marko@siemens.com>
|
||||||
|
|
||||||
|
--- a/src/formisc.c
|
||||||
|
+++ b/src/formisc.c
|
||||||
|
@@ -84,12 +84,11 @@ normal: *target++= *start++;
|
||||||
|
case '"':*target++=delim='"';start++;
|
||||||
|
}
|
||||||
|
;{ int i;
|
||||||
|
- do
|
||||||
|
+ while(*start)
|
||||||
|
if((i= *target++= *start++)==delim) /* corresponding delimiter? */
|
||||||
|
break;
|
||||||
|
else if(i=='\\'&&*start) /* skip quoted character */
|
||||||
|
*target++= *start++;
|
||||||
|
- while(*start); /* anything? */
|
||||||
|
}
|
||||||
|
hitspc=2;
|
||||||
|
}
|
||||||
@@ -12,7 +12,9 @@ SRC_URI = "http://www.ring.gr.jp/archives/net/mail/${BPN}/${BP}.tar.gz \
|
|||||||
file://from-debian-to-fix-compile-errors.patch \
|
file://from-debian-to-fix-compile-errors.patch \
|
||||||
file://from-debian-to-modify-parameters.patch \
|
file://from-debian-to-modify-parameters.patch \
|
||||||
file://from-debian-to-fix-man-file.patch \
|
file://from-debian-to-fix-man-file.patch \
|
||||||
file://man-file-mailstat.1-from-debian.patch"
|
file://man-file-mailstat.1-from-debian.patch \
|
||||||
|
file://CVE-2014-3618.patch \
|
||||||
|
"
|
||||||
SRC_URI[md5sum] = "1678ea99b973eb77eda4ecf6acae53f1"
|
SRC_URI[md5sum] = "1678ea99b973eb77eda4ecf6acae53f1"
|
||||||
SRC_URI[sha256sum] = "087c75b34dd33d8b9df5afe9e42801c9395f4bf373a784d9bc97153b0062e117"
|
SRC_URI[sha256sum] = "087c75b34dd33d8b9df5afe9e42801c9395f4bf373a784d9bc97153b0062e117"
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user