pool/evolution-data-server
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/evolution-data-server?expand=0&rev=7

Browse Source
This commit is contained in:
OBS User unknown 2007-06-22 16:46:41 +00:00 committed by Git OBS Bridge
parent bb8cd537f2
commit 3dfc2a74ff
3 changed files with 39 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
evolution-camel-imap-CVE-2007-3257.patch Normal file
View File

@ -0,0 +1,27 @@
2007-06-14 Philip Van Hoof <pvanhoof@gnome.org>
* camel-imap-folder.c: Security bugfix. The sequence can be a negative
value while it is being used as the index of an array (#447414)
Index: providers/imap/camel-imap-folder.c
===================================================================
--- camel/providers/imap/camel-imap-folder.c (revision 7815)
+++ camel/providers/imap/camel-imap-folder.c (working copy)
@@ -656,7 +656,7 @@
uid = g_datalist_get_data (&data, "UID");
flags = GPOINTER_TO_UINT (g_datalist_get_data (&data, "FLAGS"));
- if (!uid || !seq || seq > summary_len) {
+ if (!uid || !seq || seq > summary_len || seq < 0) {
g_datalist_clear (&data);
continue;
}
@@ -2790,7 +2790,7 @@
if (*response != '*' || *(response + 1) != ' ')
return NULL;
- seq = strtol (response + 2, &response, 10);
+ seq = strtoul (response + 2, &response, 10);
if (seq == 0)
return NULL;
if (g_ascii_strncasecmp (response, " FETCH (", 8) != 0)

6
evolution-data-server.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Jun 22 15:57:28 CEST 2007 - sbrabec@suse.cz
- Fixed IMAP UID format string vulnerability (#284828,
GNOME#447414, CVE-2007-3257).
-------------------------------------------------------------------
Thu May 24 01:37:07 CEST 2007 - ro@suse.de

7
evolution-data-server.spec
View File

@ -17,7 +17,7 @@ Group: Development/Libraries/GNOME
Autoreqprov: on
Summary: Evolution Data Server
Version: 1.10.1
Release: 18
Release: 33
Source: ftp://ftp.gnome.org/pub/gnome/sources/evolution-data-server/1.10/%{name}-%{version}.tar.bz2
#Patch3: evolution-data-server-gcc4.patch
Patch5: evolution-data-server-configure.patch
@ -107,6 +107,7 @@ Patch85: bnc-167330-default-GW-alarms.patch
Patch86: eds-compiler-warning.patch
Patch87: evolution-data-server-retval.patch
Patch89: bgo-369168-buffer-overrun.patch
Patch90: evolution-camel-imap-CVE-2007-3257.patch
# Change patch below if we move away from /opt/gnome
# It avoids a build dependency on libgnomeui to speed up bootstrap
Patch99: libgnomeui-dep.patch
@ -238,6 +239,7 @@ documentation.
%patch86
%patch87
#%patch89
%patch90
%patch99 -p1
%build
@ -293,6 +295,9 @@ rm $RPM_BUILD_ROOT%{_libdir}/*/*/*.*a
%{_datadir}/gtk-doc/html/*
%changelog
* Fri Jun 22 2007 - sbrabec@suse.cz
- Fixed IMAP UID format string vulnerability (#284828,
GNOME#447414, CVE-2007-3257).
* Thu May 24 2007 - ro@suse.de
- added ldconfig to post scripts
* Wed Apr 11 2007 - maw@suse.de