mail/mutt: update to 1.7.2

Update mutt to upstream release 1.7.2 Also introduce a patch for CVE-2014-9116, which addresses a DoS-attack. The patch is originally found at Debian's package of mutt 1.7.1 Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2026-04-30 15:38:40 +01:00 · 2016-12-04 08:37:37 +01:00
parent 6fccd8801e
commit be1e69437b
3 changed files with 36 additions and 4 deletions
@@ -0,0 +1,31 @@
+From: Antonio Radici <antonio@debian.org>
+Date: Fri, 18 Sep 2015 11:48:47 +0200
+Subject: 771125-CVE-2014-9116-jessie
+
+This patch solves the issue raised by CVE-2014-9116 in bug 771125.
+
+We correctly redefine what are the whitespace characters as per RFC5322; by
+doing so we prevent mutt_substrdup from being used in a way that could lead to
+a segfault.
+
+The lib.c part was written by Antonio Radici <antonio@debian.org> to prevent
+crashes due to this kind of bugs from happening again.
+
+Signed-off-by: Matteo F. Vescovi <mfv@debian.org>
+---
+ lib.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff -rupN a/lib.c b/lib.c
+--- a/lib.c
+++ b/lib.c
+@@ -815,6 +815,9 @@ char *mutt_substrdup (const char *begin,
+   size_t len;
+   char *p;
+ 
+  if (end != NULL && end < begin)
+    return NULL;
+
+   if (end)
+     len = end - begin;
+   else