commit cyrus-imapd for openSUSE:11.4
Hello community, here is the log from the commit of package cyrus-imapd for openSUSE:11.4 checked in at Fri Sep 9 16:23:14 CEST 2011. -------- --- old-versions/11.4/UPDATES/all/cyrus-imapd/cyrus-imapd.changes 2011-05-23 15:36:07.000000000 +0200 +++ 11.4/cyrus-imapd/cyrus-imapd.changes 2011-09-09 09:41:31.000000000 +0200 @@ -1,0 +2,5 @@ +Thu Sep 1 09:08:52 UTC 2011 - rhafer@suse.de + +- Fixed a buffer overflow in nntpd (bnc#715251) + +------------------------------------------------------------------- calling whatdependson for 11.4-i586 New: ---- cyrus-imapd_nntp-overflow.dif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cyrus-imapd.spec ++++++ --- /var/tmp/diff_new_pack.YJuI24/_old 2011-09-09 16:22:56.000000000 +0200 +++ /var/tmp/diff_new_pack.YJuI24/_new 2011-09-09 16:22:56.000000000 +0200 @@ -57,7 +57,7 @@ %endif Summary: The Cyrus IMAP and POP Mail Server Version: 2.3.16 -Release: 16.<RELEASE17> +Release: 16.<RELEASE19> Source: %{prjname}-%{version}.tar.bz2 Source1: cyrus-imapd-rc.tar.gz Source2: DB_CONFIG @@ -74,6 +74,7 @@ Patch18: cyrus-imapd-perl-path.patch Patch19: cyrus-imapd-libdb-4_8.patch Patch20: cyrus-imapd-STARTTLS-plaintext-command-injection.dif +Patch21: cyrus-imapd_nntp-overflow.dif %if %{with_kolab} # KOLAB_cyrus-imapd patches are maintained at @@ -187,6 +188,7 @@ %patch18 %patch19 -p1 %patch20 -p2 +%patch21 -p1 %if %{with_kolab} %patch100 -p1 ++++++ cyrus-imapd_nntp-overflow.dif ++++++ Index: cyrus-imapd-2.3.11/imap/nntpd.c =================================================================== --- cyrus-imapd-2.3.11.orig/imap/nntpd.c +++ cyrus-imapd-2.3.11/imap/nntpd.c @@ -4107,7 +4107,8 @@ static struct wildmat *split_wildmats(ch else if (*c == '@') wild[n].not = -1; /* absolute not (feeding) */ else wild[n].not = 0; - strcpy(p, wild[n].not ? c + 1 : c); + strncpy(p, wild[n].not ? c + 1 : c, pattern+sizeof(pattern) - p); + pattern[sizeof(pattern)-1] = '\0'; wild[n++].pat = xstrdup(pattern); } while (c != str); wild[n].pat = NULL; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
participants (1)
-
root@hilbert.suse.de