Import Debian changes 1.6-3
libetpan (1.6-3) unstable; urgency=high
* patches/fix-CVE-2017-8825.diff, patches/series
- Add upstream patch to fix CVE-2017-8825 (Closes: #862151)
* control
- Homepage: point to library's own page
Ricardo Mones
5 years ago
|
0 |
libetpan (1.6-3) unstable; urgency=high
|
|
1 |
|
|
2 |
* patches/fix-CVE-2017-8825.diff, patches/series
|
|
3 |
- Add upstream patch to fix CVE-2017-8825 (Closes: #862151)
|
|
4 |
* control
|
|
5 |
- Homepage: point to library's own page
|
|
6 |
|
|
7 |
-- Ricardo Mones <mones@debian.org> Tue, 30 May 2017 10:16:19 +0200
|
|
8 |
|
0 | 9 |
libetpan (1.6-2) unstable; urgency=medium
|
1 | 10 |
|
2 | 11 |
* control
|
0 | 0 |
Source: libetpan
|
1 | 1 |
Section: mail
|
2 | 2 |
Priority: optional
|
3 | |
Homepage: http://libetpan.sourceforge.net/libetpan
|
|
3 |
Homepage: http://www.etpan.org/libetpan.html
|
4 | 4 |
Maintainer: Ricardo Mones <mones@debian.org>
|
5 | 5 |
Uploaders: Nikita V. Youshchenko <yoush@debian.org>
|
6 | 6 |
Build-Depends: debhelper (>= 9), autotools-dev, libtool, libdb-dev,
|
|
0 |
Description: A null dereference vulnerability has been found in the MIME
|
|
1 |
handling component of LibEtPan before 1.8, as used in MailCore and
|
|
2 |
MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed
|
|
3 |
parse of a Cc header containing multiple e-mail addresses.
|
|
4 |
Author: Viet Hoa Dinh <dvh@fb.com>
|
|
5 |
Origin: upstream, https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b49c16c1f22d
|
|
6 |
Bug-Debian: https://bugs.debian.org/862151
|
|
7 |
Last-Update: 2017-05-30
|
|
8 |
|
|
9 |
diff --git a/src/low-level/imf/mailimf.c b/src/low-level/imf/mailimf.c
|
|
10 |
index 4554f1c..b557070 100644
|
|
11 |
--- a/src/low-level/imf/mailimf.c
|
|
12 |
+++ b/src/low-level/imf/mailimf.c
|
|
13 |
@@ -3083,6 +3083,7 @@ static int mailimf_group_parse(const char * message, size_t length,
|
|
14 |
struct mailimf_group * group;
|
|
15 |
int r;
|
|
16 |
int res;
|
|
17 |
+ clist * list;
|
|
18 |
|
|
19 |
cur_token = * indx;
|
|
20 |
|
|
21 |
@@ -3110,6 +3111,17 @@ static int mailimf_group_parse(const char * message, size_t length,
|
|
22 |
res = r;
|
|
23 |
goto free_display_name;
|
|
24 |
}
|
|
25 |
+ list = clist_new();
|
|
26 |
+ if (list == NULL) {
|
|
27 |
+ res = MAILIMF_ERROR_MEMORY;
|
|
28 |
+ goto free_display_name;
|
|
29 |
+ }
|
|
30 |
+ mailbox_list = mailimf_mailbox_list_new(list);
|
|
31 |
+ if (mailbox_list == NULL) {
|
|
32 |
+ res = MAILIMF_ERROR_MEMORY;
|
|
33 |
+ clist_free(list);
|
|
34 |
+ goto free_display_name;
|
|
35 |
+ }
|
|
36 |
break;
|
|
37 |
default:
|
|
38 |
res = r;
|
0 | 0 |
11_use_openjade.diff
|
|
1 |
fix-CVE-2017-8825.diff
|