mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2025-01-11 05:39:41 -05:00
gnu: procmail: Fix CVE-2014-3618.
* gnu/packages/patches/procmail-CVE-2014-3618.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/mail.scm (procmail): Use it.
This commit is contained in:
parent
c68d8126f9
commit
1d982d787d
3 changed files with 29 additions and 1 deletions
|
@ -689,6 +689,7 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/portaudio-audacity-compat.patch \
|
||||
%D%/packages/patches/portmidi-modular-build.patch \
|
||||
%D%/packages/patches/procmail-ambiguous-getline-debian.patch \
|
||||
%D%/packages/patches/procmail-CVE-2014-3618.patch \
|
||||
%D%/packages/patches/pt-scotch-build-parallelism.patch \
|
||||
%D%/packages/patches/pulseaudio-fix-mult-test.patch \
|
||||
%D%/packages/patches/pulseaudio-longer-test-timeout.patch \
|
||||
|
|
|
@ -1149,7 +1149,8 @@ (define-public procmail
|
|||
;; The following patch fixes an ambiguous definition of
|
||||
;; getline() in formail.c. The patch is provided by Debian as
|
||||
;; patch 24.
|
||||
(patches (search-patches "procmail-ambiguous-getline-debian.patch"))))
|
||||
(patches (search-patches "procmail-ambiguous-getline-debian.patch"
|
||||
"procmail-CVE-2014-3618.patch"))))
|
||||
(arguments
|
||||
`(#:phases (modify-phases %standard-phases
|
||||
(replace 'configure
|
||||
|
|
26
gnu/packages/patches/procmail-CVE-2014-3618.patch
Normal file
26
gnu/packages/patches/procmail-CVE-2014-3618.patch
Normal file
|
@ -0,0 +1,26 @@
|
|||
Fixes CVE-2014-3618 (heap overflow in formisc.c allowing denial of
|
||||
service and potential remote execution of arbitrary code).
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3618
|
||||
|
||||
Source:
|
||||
http://seclists.org/oss-sec/2014/q3/495
|
||||
|
||||
Adopted by Debian as patch '27':
|
||||
https://sources.debian.net/src/procmail/3.22-25/debian/patches/27/
|
||||
|
||||
--- a/src/formisc.c
|
||||
+++ b/src/formisc.c
|
||||
@@ -84,12 +84,11 @@
|
||||
case '"':*target++=delim='"';start++;
|
||||
}
|
||||
;{ int i;
|
||||
- do
|
||||
+ while(*start)
|
||||
if((i= *target++= *start++)==delim) /* corresponding delimiter? */
|
||||
break;
|
||||
else if(i=='\\'&&*start) /* skip quoted character */
|
||||
*target++= *start++;
|
||||
- while(*start); /* anything? */
|
||||
}
|
||||
hitspc=2;
|
||||
}
|
Loading…
Reference in a new issue