Date: Thu, 11 Sep 2014 13:20:55 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 193560] New: [patch] mail/procmail: CVE-2014-3618 Heap-overflow in procmail's formail utility
Message-ID: <bug-193560-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193560

    Bug ID: 193560
   Summary: [patch] mail/procmail: CVE-2014-3618 Heap-overflow in procmail's formail utility
   Product: Ports Tree
   Version: Latest
  Hardware: Any
        OS: Any
    Status: Needs Triage
  Severity: Affects Many People
  Priority: ---
 Component: Individual Port(s)
  Assignee: freebsd-ports-bugs@FreeBSD.org
  Reporter: martin@lispworks.com

The attached patch (based on the one in Fedora 20 and Tavis Ormandy's patch at
http://www.openwall.com/lists/oss-security/2014/09/03/8) fixes CVE-2014-3618.

I've not managed to repeat the crash in Fedora's bug report #1121299, but the
code definitely overflows the buffer.

--
You are receiving this mail because:
You are the assignee for the bug.