diff options
| author | Marius Bakke <mbakke@fastmail.com> | 2017-12-05 23:41:30 +0100 |
|---|---|---|
| committer | Marius Bakke <mbakke@fastmail.com> | 2017-12-05 23:41:30 +0100 |
| commit | 77181815ae70cf573b6fa390a4400b718835aa8a (patch) | |
| tree | 731ccaaccc7a69ddc90f04bb71a6a39aa5f3be5a /gnu/packages/patches/procmail-CVE-2017-16844.patch | |
| parent | e3f9406b7c4b3b1afe3dd6affb7f7898434d607a (diff) | |
| parent | 35377cfa908340e51fd22af7369aef15499d4a36 (diff) | |
| download | guix-77181815ae70cf573b6fa390a4400b718835aa8a.tar.gz | |
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches/procmail-CVE-2017-16844.patch')
| -rw-r--r-- | gnu/packages/patches/procmail-CVE-2017-16844.patch | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/gnu/packages/patches/procmail-CVE-2017-16844.patch b/gnu/packages/patches/procmail-CVE-2017-16844.patch new file mode 100644 index 0000000000..b96540c8cd --- /dev/null +++ b/gnu/packages/patches/procmail-CVE-2017-16844.patch @@ -0,0 +1,25 @@ +Fix CVE-2017-16844: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16844 +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511 + +Patch copied from Debian procmail package 3.22-26: + +http://http.debian.net/debian/pool/main/p/procmail/procmail_3.22-26.debian.tar.xz + +From: Santiago Vila <sanvila@debian.org> +Subject: Fix heap-based buffer overflow in loadbuf() +Bug-Debian: http://bugs.debian.org/876511 +X-Debian-version: 3.22-26 + +--- a/src/formisc.c ++++ b/src/formisc.c +@@ -103,7 +103,7 @@ + } + /* append to buf */ + void loadbuf(text,len)const char*const text;const size_t len; +-{ if(buffilled+len>buflen) /* buf can't hold the text */ ++{ while(buffilled+len>buflen) /* buf can't hold the text */ + buf=realloc(buf,buflen+=Bsize); + tmemmove(buf+buffilled,text,len);buffilled+=len; + } |