diff options
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/procmail-CVE-2014-3618.patch | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/gnu/packages/patches/procmail-CVE-2014-3618.patch b/gnu/packages/patches/procmail-CVE-2014-3618.patch new file mode 100644 index 0000000000..e3f2759738 --- /dev/null +++ b/gnu/packages/patches/procmail-CVE-2014-3618.patch @@ -0,0 +1,26 @@ +Fixes CVE-2014-3618 (heap overflow in formisc.c allowing denial of +service and potential remote execution of arbitrary code). +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3618 + +Source: +http://seclists.org/oss-sec/2014/q3/495 + +Adopted by Debian as patch '27': +https://sources.debian.net/src/procmail/3.22-25/debian/patches/27/ + +--- a/src/formisc.c ++++ b/src/formisc.c +@@ -84,12 +84,11 @@ + case '"':*target++=delim='"';start++; + } + ;{ int i; +- do ++ while(*start) + if((i= *target++= *start++)==delim) /* corresponding delimiter? */ + break; + else if(i=='\\'&&*start) /* skip quoted character */ + *target++= *start++; +- while(*start); /* anything? */ + } + hitspc=2; + } |