Codebase list libetpan / 4cda614
Import Debian changes 1.6-3 libetpan (1.6-3) unstable; urgency=high * patches/fix-CVE-2017-8825.diff, patches/series - Add upstream patch to fix CVE-2017-8825 (Closes: #862151) * control - Homepage: point to library's own page Ricardo Mones 5 years ago
4 changed file(s) with 50 addition(s) and 1 deletion(s). Raw diff Collapse all Expand all
+9
-0
debian/changelog less more
0 libetpan (1.6-3) unstable; urgency=high
1
2 * patches/fix-CVE-2017-8825.diff, patches/series
3 - Add upstream patch to fix CVE-2017-8825 (Closes: #862151)
4 * control
5 - Homepage: point to library's own page
6
7 -- Ricardo Mones <mones@debian.org> Tue, 30 May 2017 10:16:19 +0200
8
09 libetpan (1.6-2) unstable; urgency=medium
110
211 * control
+1
-1
debian/control less more
00 Source: libetpan
11 Section: mail
22 Priority: optional
3 Homepage: http://libetpan.sourceforge.net/libetpan
3 Homepage: http://www.etpan.org/libetpan.html
44 Maintainer: Ricardo Mones <mones@debian.org>
55 Uploaders: Nikita V. Youshchenko <yoush@debian.org>
66 Build-Depends: debhelper (>= 9), autotools-dev, libtool, libdb-dev,
+39
-0
debian/patches/fix-CVE-2017-8825.diff less more
0 Description: A null dereference vulnerability has been found in the MIME
1 handling component of LibEtPan before 1.8, as used in MailCore and
2 MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed
3 parse of a Cc header containing multiple e-mail addresses.
4 Author: Viet Hoa Dinh <dvh@fb.com>
5 Origin: upstream, https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b49c16c1f22d
6 Bug-Debian: https://bugs.debian.org/862151
7 Last-Update: 2017-05-30
8
9 diff --git a/src/low-level/imf/mailimf.c b/src/low-level/imf/mailimf.c
10 index 4554f1c..b557070 100644
11 --- a/src/low-level/imf/mailimf.c
12 +++ b/src/low-level/imf/mailimf.c
13 @@ -3083,6 +3083,7 @@ static int mailimf_group_parse(const char * message, size_t length,
14 struct mailimf_group * group;
15 int r;
16 int res;
17 + clist * list;
18
19 cur_token = * indx;
20
21 @@ -3110,6 +3111,17 @@ static int mailimf_group_parse(const char * message, size_t length,
22 res = r;
23 goto free_display_name;
24 }
25 + list = clist_new();
26 + if (list == NULL) {
27 + res = MAILIMF_ERROR_MEMORY;
28 + goto free_display_name;
29 + }
30 + mailbox_list = mailimf_mailbox_list_new(list);
31 + if (mailbox_list == NULL) {
32 + res = MAILIMF_ERROR_MEMORY;
33 + clist_free(list);
34 + goto free_display_name;
35 + }
36 break;
37 default:
38 res = r;
+1
-0
debian/patches/series less more
00 11_use_openjade.diff
1 fix-CVE-2017-8825.diff