
Bug#771595: unblock: mutt/1.5.23-2



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package mutt

This version addresses DSA-3083 and CVE-2014-9116.
Tracking bug: 771125

Debdiff against 1.5.23-1.1 attached

unblock mutt/1.5.23-2

-- System Information:
Debian Release: 7.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.12-0.bpo.1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru mutt-1.5.23/debian/changelog mutt-1.5.23/debian/changelog
--- mutt-1.5.23/debian/changelog	2014-08-17 12:43:01.000000000 +0100
+++ mutt-1.5.23/debian/changelog	2014-11-29 18:40:59.000000000 +0000
@@ -1,3 +1,11 @@
+mutt (1.5.23-2) unstable; urgency=medium
+
+  * Created upstream/771125-CVE-2014-9116-jessie.patch to address
+    CVE-2014-9116; the patch prevent mutt_substrdup from being used in a way
+    that can lead to a segfault.
+
+ -- Antonio Radici <antonio@dyne.org>  Sat, 29 Nov 2014 18:13:56 +0000
+
 mutt (1.5.23-1.1) unstable; urgency=medium
 
   * Non-maintainer upload.
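
Review bot: the 1.5.23-2 entry describes only the mutt_substrdup guard and omits the EMAIL_WSP change in lib.h, which the patch header presents as the actual fix ("We correctly redefine what are the whitespace characters as per RFC5322"). Suggest naming the EMAIL_WSP redefinition in the entry, adding "Closes: #771125" if this upload is meant to close the tracking bug, and correcting "the patch prevent" to "the patch prevents".
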
diff -Nru mutt-1.5.23/debian/patches/series mutt-1.5.23/debian/patches/series
--- mutt-1.5.23/debian/patches/series	2014-03-16 15:06:06.000000000 +0000
+++ mutt-1.5.23/debian/patches/series	2014-11-29 18:40:59.000000000 +0000
@@ -34,6 +34,7 @@
 upstream/611410-no-implicit_autoview-for-text-html.patch
 upstream/path_max.patch
 translations/update_german_translation.patch
+upstream/771125-CVE-2014-9116-jessie.patch
 __separator__mutt.org.patch
 mutt-patched/sidebar.patch
 mutt-patched/sidebar-dotpathsep.patch
diff -Nru mutt-1.5.23/debian/patches/upstream/771125-CVE-2014-9116-jessie.patch mutt-1.5.23/debian/patches/upstream/771125-CVE-2014-9116-jessie.patch
--- mutt-1.5.23/debian/patches/upstream/771125-CVE-2014-9116-jessie.patch	1970-01-01 01:00:00.000000000 +0100
+++ mutt-1.5.23/debian/patches/upstream/771125-CVE-2014-9116-jessie.patch	2014-11-29 18:40:59.000000000 +0000
@@ -0,0 +1,39 @@
+This patch solves the issue raised by CVE-2014-9116 in bug 771125.
+
+We correctly redefine what are the whitespace characters as per RFC5322; by
+doing so we prevent mutt_substrdup from being used in a way that could lead to
+a segfault.
+
+The lib.c part was written by Antonio Radici <antonio@debian.org> to prevent
+crashes due to this kind of bugs from happening again.
+
+The wheezy version of this patch is slightly different, therefore this patch
+has -jessie prefixed in its name.
+
+Index: mutt/lib.c
+===================================================================
+--- mutt.orig/lib.c
++++ mutt/lib.c
+@@ -815,6 +815,9 @@ char *mutt_substrdup (const char *begin,
+   size_t len;
+   char *p;
+ 
++  if (end != NULL && end < begin)
++    return NULL;
++
+   if (end)
+     len = end - begin;
+   else
+Index: mutt/lib.h
+===================================================================
+--- mutt.orig/lib.h
++++ mutt/lib.h
+@@ -98,7 +98,7 @@
+    on some systems */
+ # define SKIPWS(c) while (*(c) && isspace ((unsigned char) *(c))) c++;
+ 
+-#define EMAIL_WSP " \t\r\n"
++#define EMAIL_WSP " \t\r"
+ 
+ /* skip over WSP as defined by RFC5322.  This is used primarily for parsing
+  * header fields. */
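
Review bot: the early return added to mutt_substrdup in lib.c ("if (end != NULL && end < begin) return NULL;") introduces a NULL result on the end < begin path, and nothing in this patch shows the callers being checked for it. Please confirm that every caller tolerates NULL there, or return an empty allocated string instead so that callers using the result unconditionally keep working. In lib.h, the define changes from " \t\r\n" to " \t\r" with no comment at the define explaining why "\n" is excluded; the adjacent comment only says WSP is as defined by RFC5322, so a short note there would help the next reader. Minor: the patch header says "-jessie prefixed", but in 771125-CVE-2014-9116-jessie.patch it is a suffix.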
