me/guix
Archived
1
0
Fork 0
Code Activity

gnu: Mutt: Fix CVE-2021-3181.

Browse source 
* gnu/packages/patches/mutt-CVE-2021-3181.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/mail.scm (mutt)[source]: Use it.
This commit is contained in:
Leo Famulari 2021-01-20 19:35:37 -05:00
parent d4a562ba7a
commit 708d3ec0de
No known key found for this signature in database
GPG key ID: 2646FA30BACA7F08
3 changed files with 48 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
gnu/local.mk
View file

@ -1385,6 +1385,7 @@ dist_patch_DATA = \
%D%/packages/patches/mupen64plus-video-z64-glew-correct-path.patch \ %D%/packages/patches/mupen64plus-video-z64-glew-correct-path.patch \
%D%/packages/patches/musl-cross-locale.patch \ %D%/packages/patches/musl-cross-locale.patch \
%D%/packages/patches/mutt-store-references.patch \ %D%/packages/patches/mutt-store-references.patch \
%D%/packages/patches/mutt-CVE-2021-3181.patch \
%D%/packages/patches/m4-gnulib-libio.patch \ %D%/packages/patches/m4-gnulib-libio.patch \
%D%/packages/patches/ncompress-fix-softlinks.patch \ %D%/packages/patches/ncompress-fix-softlinks.patch \
%D%/packages/patches/netcdf-date-time.patch \ %D%/packages/patches/netcdf-date-time.patch \

3
gnu/packages/mail.scm
View file

@ -456,7 +456,8 @@ aliasing facilities to work just as they would on normal mail.")
(sha256 (sha256
(base32 (base32
"1m4ig69qw4g3lhm4351snmy5i0ch65fqc9vqqdybr6jy21w7w225")) "1m4ig69qw4g3lhm4351snmy5i0ch65fqc9vqqdybr6jy21w7w225"))
(patches (search-patches "mutt-store-references.patch")))) (patches (search-patches "mutt-store-references.patch"
"mutt-CVE-2021-3181.patch"))))
(build-system gnu-build-system) (build-system gnu-build-system)
(inputs (inputs
`(("cyrus-sasl" ,cyrus-sasl) `(("cyrus-sasl" ,cyrus-sasl)

45
gnu/packages/patches/mutt-CVE-2021-3181.patch Normal file
View file

@ -0,0 +1,45 @@
Fix CVE-2021-3181:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3181
Patch copied from upstream source repository:
https://gitlab.com/muttmua/mutt/-/commit/c059e20ea4c7cb3ee9ffd3500ffe313ae84b2545
From c059e20ea4c7cb3ee9ffd3500ffe313ae84b2545 Mon Sep 17 00:00:00 2001
From: Kevin McCarthy <kevin@8t8.us>
Date: Sun, 17 Jan 2021 10:40:37 -0800
Subject: [PATCH] Fix memory leak parsing group address.
When there was a group address terminator with no previous addresses,
an address would be allocated but not attached to the address list.
Change this to only allocate when last exists.
It would be more correct to not allocate at all unless we are inside a
group list, but I will address that in a separate commit to master.
---
rfc822.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/rfc822.c b/rfc822.c
index 7ff4eaa3..ced619f2 100644
--- a/rfc822.c
+++ b/rfc822.c
@@ -587,11 +587,10 @@ ADDRESS *rfc822_parse_adrlist (ADDRESS *top, const char *s)
#endif
/* add group terminator */
- cur = rfc822_new_address ();
if (last)
{
- last->next = cur;
- last = cur;
+ last->next = rfc822_new_address ();
+ last = last->next;
}
phraselen = 0;
--
GitLab