[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[suse-security] Mutt-1.4.2 fixes buffer overflow. (forw)
Does this affect Suse 9.0 (mutt 1.4.1i)?
----- Forwarded message from Thomas Roessler <roessler@xxxxxxxxxxxxxxxxxx> -----
Mailing-List: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Delivered-To: mailing list bugtraq@xxxxxxxxxxxxxxxxx
Delivered-To: moderator for bugtraq@xxxxxxxxxxxxxxxxx
Date: Wed, 11 Feb 2004 15:21:14 +0100
From: Thomas Roessler <roessler@xxxxxxxxxxxxxxxxxx>
Subject: Mutt-1.4.2 fixes buffer overflow.
Mutt-1.4.2 has just been released; this version fixes a buffer
overflow that can be triggered by incoming messages. There are
reports about spam that has actually triggered this problem and
It is recommended that users of mutt versions prior to 1.4.2 upgrade
to this version, or apply the patch included below.
Users of "unstable" mutt versions after 1.3.28 (including 1.5.*) do
not need to upgrade, as this problem had been fixed in the unstable
branch in February 2002; unfortunately, the fix was not backported
before 1.4 was released.
mutt-1.4.2 can be found at ftp://ftp.mutt.org/mutt/.
MD5 checksum file name size
44fc379c317109f516894a7c3fd43cc9 diff-1.4.1i-1.4.2i.gz (23k)
6045b47cbba8170d6a9fdccc1aa817b9 mutt-1.4.2i.tar.gz (2.4M)
Linux distributors are expected to release updated mutt packages
Credits: The problem in the stable mutt code base was originally
reported to Red Hat, and was brought to my attention by Mark Cox.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0078 to this issue.
Thomas Roessler · Personal soap box at <http://log.does-not-exist.org/>.
RCS file: /cvs/mutt/mutt/menu.c,v
retrieving revision 18.104.22.168
diff -u -r22.214.171.124 menu.c
--- menu.c 28 Jan 2002 10:18:50 -0000 126.96.36.199
+++ menu.c 11 Feb 2004 10:05:52 -0000
@@ -148,30 +148,13 @@
menu->make_entry (s, l, menu, i);
-void menu_pad_string (char *s, size_t l)
+void menu_pad_string (char *s, size_t n)
- size_t n = mutt_strlen (s);
int shift = option (OPTARROWCURSOR) ? 3 : 0;
- l--; /* save room for the terminal \0 */
- if (l > COLS - shift)
- l = COLS - shift;
+ int cols = COLS - shift;
- /* Let's just pad the string anyway ... */
- mutt_format_string (s, INT_MAX, l, l, 0, ' ', s, n, 1);
-#if !defined (HAVE_BKGDSET) && !defined (USE_SLANG_CURSES)
- /* we have to pad the string with blanks to the end of line */
- if (n < l)
- while (n < l)
- s[n++] = ' ';
- s[n] = 0;
- s[l] = 0;
+ mutt_format_string (s, n, cols, cols, 0, ' ', s, strlen (s), 1);
+ s[n - 1] = 0;
void menu_redraw_full (MUTTMENU *menu)
----- End forwarded message -----
Joerg Mayer <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here