.

OBS-URL: https://build.opensuse.org/package/show/server:mail/mutt?expand=0&rev=98

mutt-CVE-2014-0467.patch

@@ -0,0 +1,10 @@
+--- mutt-1.5.21/copy.c
++++ mutt-1.5.21/copy.c	2014-03-25 08:42:27.466839319 +0000
+@@ -254,6 +254,7 @@ mutt_copy_hdr (FILE *in, FILE *out, LOFF
+     {
+       if (!address_header_decode (&this_one))
+ 	rfc2047_decode (&this_one);
++      this_one_len = mutt_strlen (this_one);
+     }
+     
+     if (!headers[x])

mutt.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Mar 17 13:24:35 UTC 2014 - meissner@suse.com
+
+- mutt-CVE-2014-0467.patch: fixed a buffer overflow during header display.
+  CVE-2014-0467 / bnc#868115 
+
 -------------------------------------------------------------------
 Mon Aug  5 18:06:01 CEST 2013 - ro@suse.de
 

mutt.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package mutt
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -101,6 +101,8 @@ Patch14:        nion.sidebar-color.diff
 Patch15:        widechar.sidebar.dif
 # PATCH-FIX-OPENSUSE: Be able to read signed/encrypted messsages even with CRLF
 Patch16:        mutt-1.5.21-cariage-return.path
+# PATCH-FIX-SUSE: bnc#868115 - CVE-2014-0467: mutt: crash due to malicious email
+Patch17:        mutt-CVE-2014-0467.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %global         _sysconfdir %{_sysconfdir}
 
@@ -133,6 +135,7 @@ done
 %patch14 -p1 -b .sidebar.color
 %patch15 -p0 -b .widechar.sidebar
 %patch16 -p0 -b .crlf
+%patch17 -p1 -b .cve.2014.0467
 
 cp doc/Muttrc Muttrc.SuSE
 cp %{S:2} .