Bug#771595: marked as done (unblock: mutt/1.5.23-2)

To: Niels Thykier <niels@thykier.net>
Subject: Bug#771595: marked as done (unblock: mutt/1.5.23-2)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sun, 30 Nov 2014 22:27:21 +0000
Message-id: <[🔎] handler.771595.D771595.141738625228067.ackdone@bugs.debian.org>
References: <547B9902.6030700@thykier.net> <[🔎] 20141130220641.3611.70140.reportbug@susanna.dyne.org>

Your message dated Sun, 30 Nov 2014 23:24:02 +0100
with message-id <547B9902.6030700@thykier.net>
and subject line Re: Bug#771595: unblock: mutt/1.5.23-2
has caused the Debian Bug report #771595,
regarding unblock: mutt/1.5.23-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
771595: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771595
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock: mutt/1.5.23-2
From: Antonio Radici <antonio@debian.org>
Date: Sun, 30 Nov 2014 22:06:41 +0000
Message-id: <[🔎] 20141130220641.3611.70140.reportbug@susanna.dyne.org>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package mutt

This version addessses DSA-3083 and CVE2014-9116.
Tracking bug: 771125

Debdiff against 1.5.23-1.1 attached

unblock mutt/1.5.23-2

-- System Information:
Debian Release: 7.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.12-0.bpo.1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru mutt-1.5.23/debian/changelog mutt-1.5.23/debian/changelog
--- mutt-1.5.23/debian/changelog	2014-08-17 12:43:01.000000000 +0100
+++ mutt-1.5.23/debian/changelog	2014-11-29 18:40:59.000000000 +0000
@@ -1,3 +1,11 @@
+mutt (1.5.23-2) unstable; urgency=medium
+
+  * Created upstream/771125-CVE-2014-9116-jessie.patch to address
+    CVE-2014-9116; the patch prevent mutt_substrdup from being used in a way
+    that can lead to a segfault.
+
+ -- Antonio Radici <antonio@dyne.org>  Sat, 29 Nov 2014 18:13:56 +0000
+
 mutt (1.5.23-1.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru mutt-1.5.23/debian/patches/series mutt-1.5.23/debian/patches/series
--- mutt-1.5.23/debian/patches/series	2014-03-16 15:06:06.000000000 +0000
+++ mutt-1.5.23/debian/patches/series	2014-11-29 18:40:59.000000000 +0000
@@ -34,6 +34,7 @@
 upstream/611410-no-implicit_autoview-for-text-html.patch
 upstream/path_max.patch
 translations/update_german_translation.patch
+upstream/771125-CVE-2014-9116-jessie.patch
 __separator__mutt.org.patch
 mutt-patched/sidebar.patch
 mutt-patched/sidebar-dotpathsep.patch
diff -Nru mutt-1.5.23/debian/patches/upstream/771125-CVE-2014-9116-jessie.patch mutt-1.5.23/debian/patches/upstream/771125-CVE-2014-9116-jessie.patch
--- mutt-1.5.23/debian/patches/upstream/771125-CVE-2014-9116-jessie.patch	1970-01-01 01:00:00.000000000 +0100
+++ mutt-1.5.23/debian/patches/upstream/771125-CVE-2014-9116-jessie.patch	2014-11-29 18:40:59.000000000 +0000
@@ -0,0 +1,39 @@
+This patch solves the issue raised by CVE-2014-9116 in bug 771125.
+
+We correctly redefine what are the whitespace characters as per RFC5322; by
+doing so we prevent mutt_substrdup from being used in a way that could lead to
+a segfault.
+
+The lib.c part was written by Antonio Radici <antonio@debian.org> to prevent
+crashes due to this kind of bugs from happening again.
+
+The wheezy version of this patch is slightly different, therefore this patch
+has -jessie prefixed in its name.
+
+Index: mutt/lib.c
+===================================================================
+--- mutt.orig/lib.c
++++ mutt/lib.c
+@@ -815,6 +815,9 @@ char *mutt_substrdup (const char *begin,
+   size_t len;
+   char *p;
+ 
++  if (end != NULL && end < begin)
++    return NULL;
++
+   if (end)
+     len = end - begin;
+   else
+Index: mutt/lib.h
+===================================================================
+--- mutt.orig/lib.h
++++ mutt/lib.h
+@@ -98,7 +98,7 @@
+    on some systems */
+ # define SKIPWS(c) while (*(c) && isspace ((unsigned char) *(c))) c++;
+ 
+-#define EMAIL_WSP " \t\r\n"
++#define EMAIL_WSP " \t\r"
+ 
+ /* skip over WSP as defined by RFC5322.  This is used primarily for parsing
+  * header fields. */

--- End Message ---

--- Begin Message ---

To: Antonio Radici <antonio@debian.org>, 771595-done@bugs.debian.org

Subject: Re: Bug#771595: unblock: mutt/1.5.23-2

From: Niels Thykier <niels@thykier.net>

Date: Sun, 30 Nov 2014 23:24:02 +0100

Message-id: <547B9902.6030700@thykier.net>

In-reply-to: <[🔎] 20141130220641.3611.70140.reportbug@susanna.dyne.org>

References: <[🔎] 20141130220641.3611.70140.reportbug@susanna.dyne.org>
On 2014-11-30 23:06, Antonio Radici wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package mutt
> 
> This version addessses DSA-3083 and CVE2014-9116.
> Tracking bug: 771125
> 
> Debdiff against 1.5.23-1.1 attached
> 
> unblock mutt/1.5.23-2
> 
> [...]

Unblocked, thanks.

~Niels
--- End Message ---

Reply to:

References:
- Bug#771595: unblock: mutt/1.5.23-2
  - From: Antonio Radici <antonio@debian.org>

Prev by Date: Bug#771594: marked as done (unblock: libreoffice/1:4.3.3-2)
Next by Date: Bug#771502: marked as done (Pre-approval for evolution/3.12.9~git20141130.241663-1)
Previous by thread: Bug#771595: unblock: mutt/1.5.23-2
Next by thread: Bug#771598: unblock: gvfs/1.22.2-1
Index(es):
- Date
- Thread