rpm/neomutt
SHA256
1
0
Fork 0
forked from pool/neomutt
Code Pull Requests Activity

Accepting request 623626 from home:kbabioch:branches:server:mail

Browse Source 
* Lots of bug fixes and vulnerability fixes:
    - CVE-2018-14349: Fixed mishandling of NO response without message in
      imap/command.c (bnc#1101589)
    - CVE-2018-14350: Fixed stack-based buffer overflow for FETCH response with
      long INTERNALDATE field in imap/message.c (bnc#1101588)
    - CVE-2018-14351: Fixed mishandling of a long IMAP status mailbox literal
      count size in imap/command.c (bnc#1101583)
    - CVE-2018-14352: Fixed stack-based buffer overflow in imap_quote_string in
      imap/util.c (bnc#1101582)
    - CVE-2018-14353: Fixed integer underflow in imap_quote_string in
      imap/util.c (bnc#1101581)
    - CVE-2018-14354: Fixed arbitrary command execution via backquote
      characters, related to the mailboxes command associated with manual
      subscription or unsubscription (bnc#1101578)
    - CVE-2018-14355: Fixed directory traversal in mailbox name in imap/util.c
      (bnc#1101577)
    - CVE-2018-14356: Fixed mishandling of zero-length UID in pop.c
      (bnc#1101576)
    - CVE-2018-14357: Fixed arbitrary command execution via backquote
      characters, related to mailboxes command associated with automatic
      subscription (bnc#1101573)
    - CVE-2018-14358: Fixed stack-based buffer overflow for FETCH response with
      long RFC822.SIZE field (bnc#1101571)
    - CVE-2018-14359: Fixed buffer overflow via base64 data (bnc#1101570)
    - CVE-2018-14360: Fixed stack-based buffer overflow because of incorrect
      sscanf usage in nntp_add_group in newsrc.c (bnc#1101569)
    - CVE-2018-14361: Fixed an code flow issue in nntp.c, which would proceed
      even if memory allocation failed for messages data (bnc#1101568)
    - CVE-2018-14362: Fixed unsafe interaction with message-cache pathnames in
      pop.c (bnc#1101567)

OBS-URL: https://build.opensuse.org/request/show/623626
OBS-URL: https://build.opensuse.org/package/show/server:mail/neomutt?expand=0&rev=17
This commit is contained in:
David Sterba 2018-07-18 11:39:09 +00:00 committed by Git OBS Bridge
parent 5faea06cdd
commit fdb3084c2a
1 changed files with 32 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
neomutt.changes
View File

@ -3,9 +3,38 @@ Tue Jul 17 09:26:21 UTC 2018 - kbabioch@suse.com
- Updated to 20180716 - Updated to 20180716
* Feature: <check-stats> function * Feature: <check-stats> function
* Lots of bug fixes * Lots of bug fixes and vulnerability fixes:
* fix for bsc#1101428: code injection and a couple path traversal - CVE-2018-14349: Fixed mishandling of NO response without message in
vulnerabilities imap/command.c (bnc#1101589)
- CVE-2018-14350: Fixed stack-based buffer overflow for FETCH response with
long INTERNALDATE field in imap/message.c (bnc#1101588)
- CVE-2018-14351: Fixed mishandling of a long IMAP status mailbox literal
count size in imap/command.c (bnc#1101583)
- CVE-2018-14352: Fixed stack-based buffer overflow in imap_quote_string in
imap/util.c (bnc#1101582)
- CVE-2018-14353: Fixed integer underflow in imap_quote_string in
imap/util.c (bnc#1101581)
- CVE-2018-14354: Fixed arbitrary command execution via backquote
characters, related to the mailboxes command associated with manual
subscription or unsubscription (bnc#1101578)
- CVE-2018-14355: Fixed directory traversal in mailbox name in imap/util.c
(bnc#1101577)
- CVE-2018-14356: Fixed mishandling of zero-length UID in pop.c
(bnc#1101576)
- CVE-2018-14357: Fixed arbitrary command execution via backquote
characters, related to mailboxes command associated with automatic
subscription (bnc#1101573)
- CVE-2018-14358: Fixed stack-based buffer overflow for FETCH response with
long RFC822.SIZE field (bnc#1101571)
- CVE-2018-14359: Fixed buffer overflow via base64 data (bnc#1101570)
- CVE-2018-14360: Fixed stack-based buffer overflow because of incorrect
sscanf usage in nntp_add_group in newsrc.c (bnc#1101569)
- CVE-2018-14361: Fixed an code flow issue in nntp.c, which would proceed
even if memory allocation failed for messages data (bnc#1101568)
- CVE-2018-14362: Fixed unsafe interaction with message-cache pathnames in
pop.c (bnc#1101567)
- CVE-2018-14363: Fixed unsafe interaction with cache pathnames (containing
'/') in newsrc.c (bnc#1101566)
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jun 25 00:00:00 CEST 2018 - dsterba@suse.cz Mon Jun 25 00:00:00 CEST 2018 - dsterba@suse.cz