--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package neomutt. It fixes a security issue,
which was already fixed in buster. Debdiff below.
unblock neomutt/20201127+dfsg.1-1.2
Cheers,
Moritz
diff -Nru neomutt-20201127+dfsg.1/debian/changelog neomutt-20201127+dfsg.1/debian/changelog
--- neomutt-20201127+dfsg.1/debian/changelog 2021-03-16 20:37:31.000000000 +0100
+++ neomutt-20201127+dfsg.1/debian/changelog 2021-07-29 23:13:20.000000000 +0200
@@ -1,3 +1,10 @@
+neomutt (20201127+dfsg.1-1.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix CVE-2021-32055 (Closes: #988107)
+
+ -- Moritz Muehlenhoff <jmm@debian.org> Thu, 29 Jul 2021 23:13:20 +0200
+
neomutt (20201127+dfsg.1-1.1) unstable; urgency=medium
* Non-maintainer upload.
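Review bot: the new 20201127+dfsg.1-1.2 entry says only "Fix CVE-2021-32055" and names neither the patch file it introduces nor the defect. Consider wording such as "Add upstream/CVE-2021-32055.patch: fix seqset iterator reading past the end of the string when the seqset ends in a comma (CVE-2021-32055, Closes: #988107)", so the changelog can be audited without opening the patch.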
diff -Nru neomutt-20201127+dfsg.1/debian/patches/series neomutt-20201127+dfsg.1/debian/patches/series
--- neomutt-20201127+dfsg.1/debian/patches/series 2021-03-16 20:37:31.000000000 +0100
+++ neomutt-20201127+dfsg.1/debian/patches/series 2021-07-29 23:13:12.000000000 +0200
@@ -4,3 +4,4 @@
misc/smime.rc.patch
upstream/981306-mime-forwarding.patch
upstream/redraw-on-sigwinch.patch
+upstream/CVE-2021-32055.patch
diff -Nru neomutt-20201127+dfsg.1/debian/patches/upstream/CVE-2021-32055.patch neomutt-20201127+dfsg.1/debian/patches/upstream/CVE-2021-32055.patch
--- neomutt-20201127+dfsg.1/debian/patches/upstream/CVE-2021-32055.patch 1970-01-01 01:00:00.000000000 +0100
+++ neomutt-20201127+dfsg.1/debian/patches/upstream/CVE-2021-32055.patch 2021-07-29 23:12:31.000000000 +0200
@@ -0,0 +1,34 @@
+From fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc Mon Sep 17 00:00:00 2001
+From: Kevin McCarthy <kevin@8t8.us>
+Date: Mon, 3 May 2021 13:11:30 -0700
+Subject: [PATCH] Fix seqset iterator when it ends in a comma
+
+If the seqset ended with a comma, the substr_end marker would be just
+before the trailing nul. In the next call, the loop to skip the
+marker would iterate right past the end of string too.
+
+The fix is simple: place the substr_end marker and skip past it
+immediately.
+---
+ imap/util.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/imap/util.c b/imap/util.c
+index 52aff7da0a..27fb862954 100644
+--- a/imap/util.c
++++ b/imap/util.c
+@@ -1119,13 +1119,11 @@ int mutt_seqset_iterator_next(struct SeqsetIterator *iter, unsigned int *next)
+ if (iter->substr_cur == iter->eostr)
+ return 1;
+
+- while (!*(iter->substr_cur))
+- iter->substr_cur++;
+ iter->substr_end = strchr(iter->substr_cur, ',');
+ if (!iter->substr_end)
+ iter->substr_end = iter->eostr;
+ else
+- *(iter->substr_end) = '\0';
++ *(iter->substr_end++) = '\0';
+
+ char *range_sep = strchr(iter->substr_cur, ':');
+ if (range_sep)
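Review bot: no regression test accompanies the change to mutt_seqset_iterator_next(), and the fix depends on code outside this hunk moving substr_cur to the advanced substr_end so that the "iter->substr_cur == iter->eostr" check ends iteration after a trailing comma. It would help to confirm that path and add a test for a seqset ending in a comma, plus one with two consecutive commas, since an element between two commas appears to reach the strchr(iter->substr_cur, ':') parsing as an empty string. The removed "while (!*(iter->substr_cur))" loop had no bound against iter->eostr, which matches the description in the commit message. Separately, the patch file carries only the git format-patch header; a Bug-Debian field referencing #988107 and an Origin field would make its provenance explicit in debian/patches.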
--- End Message ---