Add patch to fix arbitrary code execution via CalDAV (Closes: CVE-2019-11356) Xavier Guimard 4 years ago
2 changed file(s) with 32 addition(s) and 0 deletion(s).
0 Description: <short summary of the patch>
1 Description: Fix for CVE-2019-11356
2 Author: Ken Murchison <murch@fastmail.com>
3 Origin: upstream, https://github.com/cyrusimap/cyrus-imapd/commit/a5779db8
4 Bug: https://security-tracker.debian.org/tracker/CVE-2019-11356
5 Forwarded: not-needed
6 Reviewed-By: Xavier Guimard <yadd@debian.org>
7 Last-Update: 2019-06-07
8
9 --- a/imap/http_caldav.c
10 +++ b/imap/http_caldav.c
11 @@ -2593,7 +2593,7 @@
12 /* Check if this is an empty property error */
13 char propname[256];
14 if (sscanf(errstr,
15 - "No value for %s property", propname) == 1) {
16 + "No value for %255s property", propname) == 1) {
17 /* Empty LOCATION is OK */
18 if (!strcasecmp(propname, "LOCATION")) continue;
19 if (!strcasecmp(propname, "COMMENT")) continue;
20 --- a/imap/httpd.c
21 +++ b/imap/httpd.c
22 @@ -1529,7 +1529,7 @@
23 memset(&tm, 0, sizeof(struct tm));
24 tm.tm_isdst = -1;
25 sscanf(time, "%02d:%02d:%02d", &tm.tm_hour, &tm.tm_min, &tm.tm_sec);
26 - sscanf(date, "%s %2d %4d", month, &tm.tm_mday, &tm.tm_year);
27 + sscanf(date, "%3s %2d %4d", month, &tm.tm_mday, &tm.tm_year);
28 tm.tm_year -= 1900;
29 for (tm.tm_mon = 0; tm.tm_mon < 12; tm.tm_mon++) {
30 if (!strcmp(month, monthname[tm.tm_mon])) break;
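Review bot: In the httpd.c hunk, `%3s` is only in bounds if `month` holds at least 4 bytes (three characters plus the terminator), and that declaration lies outside the hunk, so the width should be checked against the actual buffer — the http_caldav.c hunk's `%255s` is visibly matched by `char propname[256]`, but no such evidence is in view here. The result of `sscanf(date, "%3s %2d %4d", month, &tm.tm_mday, &tm.tm_year)` is still unchecked, so a date that does not match leaves `month` unset before the `strcmp` loop that follows. Testing the result, `if (sscanf(date, "%3s %2d %4d", month, &tm.tm_mday, &tm.tm_year) != 3)`, and treating the header as invalid on mismatch would close that path; the enclosing function and its failure convention are outside the hunk, so the exact error return has to be taken from there. Separately, the DEP-3 header at the top of the new patch keeps the template line `Description: <short summary of the patch>` above the real `Description: Fix for CVE-2019-11356`; the placeholder should be dropped so the header carries a single Description field.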
1515 0016-Use-UnicodeData.txt-from-system.patch
1616 0017-libisieve-has-to-be-noinst_LTLIBRARY-for-PIC-code-to.patch
1717 0018-Replace-struct-sched_param-with-struct-caldav_sched_.patch
18 0019-CVE-2019-11356.patch