diff options
author | Leo Famulari <leo@famulari.name> | 2016-05-29 13:02:23 -0400 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2016-05-29 13:12:16 -0400 |
commit | 1d982d787dfdd6739fe6c829aee332e9b24bdc31 (patch) | |
tree | e700e7c6c2adb91dc2fb21d55f2417548c483cba /gnu/packages/patches/procmail-CVE-2014-3618.patch | |
parent | c68d8126f9dc6f932fdbfe04b0c773c42d49938a (diff) | |
download | guix-1d982d787dfdd6739fe6c829aee332e9b24bdc31.tar guix-1d982d787dfdd6739fe6c829aee332e9b24bdc31.tar.gz |
gnu: procmail: Fix CVE-2014-3618.
* gnu/packages/patches/procmail-CVE-2014-3618.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/mail.scm (procmail): Use it.
Diffstat (limited to 'gnu/packages/patches/procmail-CVE-2014-3618.patch')
-rw-r--r-- | gnu/packages/patches/procmail-CVE-2014-3618.patch | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/gnu/packages/patches/procmail-CVE-2014-3618.patch b/gnu/packages/patches/procmail-CVE-2014-3618.patch new file mode 100644 index 0000000000..e3f2759738 --- /dev/null +++ b/gnu/packages/patches/procmail-CVE-2014-3618.patch @@ -0,0 +1,26 @@ +Fixes CVE-2014-3618 (heap overflow in formisc.c allowing denial of +service and potential remote execution of arbitrary code). +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3618 + +Source: +http://seclists.org/oss-sec/2014/q3/495 + +Adopted by Debian as patch '27': +https://sources.debian.net/src/procmail/3.22-25/debian/patches/27/ + +--- a/src/formisc.c ++++ b/src/formisc.c +@@ -84,12 +84,11 @@ + case '"':*target++=delim='"';start++; + } + ;{ int i; +- do ++ while(*start) + if((i= *target++= *start++)==delim) /* corresponding delimiter? */ + break; + else if(i=='\\'&&*start) /* skip quoted character */ + *target++= *start++; +- while(*start); /* anything? */ + } + hitspc=2; + } |