[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#991716: marked as done (unblock: neomutt/20201127+dfsg.1-1.2)

Your message dated Sat, 31 Jul 2021 15:26:06 +0000
with message-id <E1m9qsI-000709-Pj@respighi.debian.org>
and subject line unblock neomutt
has caused the Debian Bug report #991716,
regarding unblock: neomutt/20201127+dfsg.1-1.2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
991716: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991716
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package neomutt. It fixes a security issue,
which was already fixed in buster. Debdiff below.

unblock neomutt/20201127+dfsg.1-1.2

Cheers,
        Moritz

diff -Nru neomutt-20201127+dfsg.1/debian/changelog neomutt-20201127+dfsg.1/debian/changelog
--- neomutt-20201127+dfsg.1/debian/changelog	2021-03-16 20:37:31.000000000 +0100
+++ neomutt-20201127+dfsg.1/debian/changelog	2021-07-29 23:13:20.000000000 +0200
@@ -1,3 +1,10 @@
+neomutt (20201127+dfsg.1-1.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix CVE-2021-32055 (Closes: #988107)
+
+ -- Moritz Muehlenhoff <jmm@debian.org>  Thu, 29 Jul 2021 23:13:20 +0200
+
 neomutt (20201127+dfsg.1-1.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru neomutt-20201127+dfsg.1/debian/patches/series neomutt-20201127+dfsg.1/debian/patches/series
--- neomutt-20201127+dfsg.1/debian/patches/series	2021-03-16 20:37:31.000000000 +0100
+++ neomutt-20201127+dfsg.1/debian/patches/series	2021-07-29 23:13:12.000000000 +0200
@@ -4,3 +4,4 @@
 misc/smime.rc.patch
 upstream/981306-mime-forwarding.patch
 upstream/redraw-on-sigwinch.patch
+upstream/CVE-2021-32055.patch
diff -Nru neomutt-20201127+dfsg.1/debian/patches/upstream/CVE-2021-32055.patch neomutt-20201127+dfsg.1/debian/patches/upstream/CVE-2021-32055.patch
--- neomutt-20201127+dfsg.1/debian/patches/upstream/CVE-2021-32055.patch	1970-01-01 01:00:00.000000000 +0100
+++ neomutt-20201127+dfsg.1/debian/patches/upstream/CVE-2021-32055.patch	2021-07-29 23:12:31.000000000 +0200
@@ -0,0 +1,34 @@
+From fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc Mon Sep 17 00:00:00 2001
+From: Kevin McCarthy <kevin@8t8.us>
+Date: Mon, 3 May 2021 13:11:30 -0700
+Subject: [PATCH] Fix seqset iterator when it ends in a comma
+
+If the seqset ended with a comma, the substr_end marker would be just
+before the trailing nul.  In the next call, the loop to skip the
+marker would iterate right past the end of string too.
+
+The fix is simple: place the substr_end marker and skip past it
+immediately.
+---
+ imap/util.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/imap/util.c b/imap/util.c
+index 52aff7da0a..27fb862954 100644
+--- a/imap/util.c
++++ b/imap/util.c
+@@ -1119,13 +1119,11 @@ int mutt_seqset_iterator_next(struct SeqsetIterator *iter, unsigned int *next)
+     if (iter->substr_cur == iter->eostr)
+       return 1;
+ 
+-    while (!*(iter->substr_cur))
+-      iter->substr_cur++;
+     iter->substr_end = strchr(iter->substr_cur, ',');
+     if (!iter->substr_end)
+       iter->substr_end = iter->eostr;
+     else
+-      *(iter->substr_end) = '\0';
++      *(iter->substr_end++) = '\0';
+ 
+     char *range_sep = strchr(iter->substr_cur, ':');
+     if (range_sep)

--- End Message ---
--- Begin Message --- 
Unblocked.

--- End Message ---
Reply to: