[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#991716: unblock: neomutt/20201127+dfsg.1-1.2

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package neomutt. It fixes a security issue,
which was already fixed in buster. Debdiff below.

unblock neomutt/20201127+dfsg.1-1.2

Cheers,
        Moritz

diff -Nru neomutt-20201127+dfsg.1/debian/changelog neomutt-20201127+dfsg.1/debian/changelog
--- neomutt-20201127+dfsg.1/debian/changelog	2021-03-16 20:37:31.000000000 +0100
+++ neomutt-20201127+dfsg.1/debian/changelog	2021-07-29 23:13:20.000000000 +0200
@@ -1,3 +1,10 @@
+neomutt (20201127+dfsg.1-1.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix CVE-2021-32055 (Closes: #988107)
+
+ -- Moritz Muehlenhoff <jmm@debian.org>  Thu, 29 Jul 2021 23:13:20 +0200
+
 neomutt (20201127+dfsg.1-1.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru neomutt-20201127+dfsg.1/debian/patches/series neomutt-20201127+dfsg.1/debian/patches/series
--- neomutt-20201127+dfsg.1/debian/patches/series	2021-03-16 20:37:31.000000000 +0100
+++ neomutt-20201127+dfsg.1/debian/patches/series	2021-07-29 23:13:12.000000000 +0200
@@ -4,3 +4,4 @@
 misc/smime.rc.patch
 upstream/981306-mime-forwarding.patch
 upstream/redraw-on-sigwinch.patch
+upstream/CVE-2021-32055.patch
diff -Nru neomutt-20201127+dfsg.1/debian/patches/upstream/CVE-2021-32055.patch neomutt-20201127+dfsg.1/debian/patches/upstream/CVE-2021-32055.patch
--- neomutt-20201127+dfsg.1/debian/patches/upstream/CVE-2021-32055.patch	1970-01-01 01:00:00.000000000 +0100
+++ neomutt-20201127+dfsg.1/debian/patches/upstream/CVE-2021-32055.patch	2021-07-29 23:12:31.000000000 +0200
@@ -0,0 +1,34 @@
+From fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc Mon Sep 17 00:00:00 2001
+From: Kevin McCarthy <kevin@8t8.us>
+Date: Mon, 3 May 2021 13:11:30 -0700
+Subject: [PATCH] Fix seqset iterator when it ends in a comma
+
+If the seqset ended with a comma, the substr_end marker would be just
+before the trailing nul.  In the next call, the loop to skip the
+marker would iterate right past the end of string too.
+
+The fix is simple: place the substr_end marker and skip past it
+immediately.
+---
+ imap/util.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/imap/util.c b/imap/util.c
+index 52aff7da0a..27fb862954 100644
+--- a/imap/util.c
++++ b/imap/util.c
+@@ -1119,13 +1119,11 @@ int mutt_seqset_iterator_next(struct SeqsetIterator *iter, unsigned int *next)
+     if (iter->substr_cur == iter->eostr)
+       return 1;
+ 
+-    while (!*(iter->substr_cur))
+-      iter->substr_cur++;
+     iter->substr_end = strchr(iter->substr_cur, ',');
+     if (!iter->substr_end)
+       iter->substr_end = iter->eostr;
+     else
+-      *(iter->substr_end) = '\0';
++      *(iter->substr_end++) = '\0';
+ 
+     char *range_sep = strchr(iter->substr_cur, ':');
+     if (range_sep)
Reply to: