Hello community, here is the log from the commit of package mutt checked in at Wed Jun 28 18:54:26 CEST 2006. -------- --- mutt/mutt.changes 2006-01-25 21:38:29.000000000 +0100 +++ mutt/mutt.changes 2006-06-28 13:50:14.000000000 +0200 @@ -1,0 +2,5 @@ +Wed Jun 28 13:49:59 CEST 2006 - werner@suse.de + +- Fix mutt IMAP buffer overflow in namespace parsing (bug #188872) + +------------------------------------------------------------------- New: ---- mutt-1.5.9i-imap-namespace.dif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mutt.spec ++++++ --- /var/tmp/diff_new_pack.lAY3QM/_old 2006-06-28 18:54:06.000000000 +0200 +++ /var/tmp/diff_new_pack.lAY3QM/_new 2006-06-28 18:54:06.000000000 +0200 @@ -5,7 +5,7 @@ # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # -# Please submit bugfixes or comments via http://bugs.opensuse.org +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # # norootforbuild @@ -25,8 +25,8 @@ #Requires: desktop-data-SuSE Autoreqprov: on Version: 1.5.9i -Release: 14 -Summary: Mail program +Release: 27 +Summary: Mail Program BuildRoot: %{_tmppath}/%{name}-%{version}-build Source0: %name-%version.tar.bz2 Source1: Signature_conversion @@ -41,11 +41,12 @@ Patch7: %name-1.5.9i-smimesegfault.diff Patch8: patch-1.5.5.1.nt.xtitles.3.ab.1 Patch9: patch-1.5.11.tamo.badsig_mtime.1 +Patch10: mutt-1.5.9i-imap-namespace.dif %description -A very powerful mail user agent. It supports (amongst other nice -things) highlighting, threading, and PGP. It takes some time to get -used to though. +A very powerful mail user agent. It supports (among other nice things) +highlighting, threading, and PGP. It takes some time to get used to, +however. @@ -64,7 +65,8 @@ %patch6 -p1 %patch7 -p0 %patch8 -p1 -%patch9 +%patch9 -p0 +%patch10 -p0 cp Muttrc Muttrc.SuSE cp %{S:2} . @@ -137,6 +139,8 @@ %config(noreplace) /etc/Muttrc %changelog -n mutt +* Wed Jun 28 2006 - werner@suse.de +- Fix mutt IMAP buffer overflow in namespace parsing (bug #188872) * Wed Jan 25 2006 - mls@suse.de - converted neededforbuild to BuildRequires * Mon Jan 16 2006 - mmj@suse.de ++++++ mutt-1.5.9i-imap-namespace.dif ++++++ --- imap/browse.c +++ imap/browse.c 2006-06-28 13:20:57.000000000 +0200 @@ -505,7 +505,7 @@ if (*s == '\"') { s++; - while (*s && *s != '\"') + while (*s && *s != '\"' && n < sizeof (ns) - 1) { if (*s == '\\') s++; @@ -516,12 +516,14 @@ s++; } else - while (*s && !ISSPACE (*s)) + while (*s && !ISSPACE (*s) && n < sizeof (ns) - 1) { ns[n++] = *s; s++; } ns[n] = '\0'; + if (n == sizeof (ns) - 1) + dprint (1, (debugfile, "browse_get_namespace: too long: [%s]\n", ns)); /* delim? */ s = imap_next_word (s); /* delimiter is meaningless if namespace is "". Why does ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit-unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit-help@opensuse.org