diff options
| author |   Fabian Groffen <grobian@gentoo.org> | 2009-10-27 09:20:25 +0000 |
|---|---|---|
| committer | Fabian Groffen <grobian@gentoo.org> | 2009-10-27 09:20:25 +0000 |
| commit | 7c8fc5c809961566cba50303e01e2cc5cc9cac54 (patch) | |
| tree | 54529ebff669a673ac9fb55d2e0734ff65357916 /mail-client/mutt/files | |
| parent | Stable for HPPA (bug #290113). (diff) | |
| download | gentoo-2-7c8fc5c809961566cba50303e01e2cc5cc9cac54.tar.gz gentoo-2-7c8fc5c809961566cba50303e01e2cc5cc9cac54.tar.bz2 gentoo-2-7c8fc5c809961566cba50303e01e2cc5cc9cac54.zip | |
Add patch to fix ssl security issue CVE-2009-3765, bug #290660
(Portage version: 2.2.00.14724-prefix/cvs/SunOS i386)
Diffstat (limited to 'mail-client/mutt/files')
| -rw-r--r-- | mail-client/mutt/files/mutt-1.5.20-ssl-CVE-2009-3765-dc09812e63a3.patch | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/mail-client/mutt/files/mutt-1.5.20-ssl-CVE-2009-3765-dc09812e63a3.patch b/mail-client/mutt/files/mutt-1.5.20-ssl-CVE-2009-3765-dc09812e63a3.patch new file mode 100644 index 000000000000..becf16baa486 --- /dev/null +++ b/mail-client/mutt/files/mutt-1.5.20-ssl-CVE-2009-3765-dc09812e63a3.patch @@ -0,0 +1,25 @@ +http://bugs.gentoo.org/show_bug.cgi?id=290660 +http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3765 +http://dev.mutt.org/trac/changeset/6016:dc09812e63a3/mutt_ssl.c + +Index: mutt_ssl.c +=================================================================== +--- mutt_ssl.c (revision 5870:dc9ec900c657) ++++ mutt_ssl.c (revision 6016:dc09812e63a3) +@@ -682,5 +682,6 @@ + if (subj_alt_name->type == GEN_DNS) + { +- if ((match_found = hostname_match(hostname_ascii, ++ if (mutt_strlen(subj_alt_name) == subj_alt_name->d.ia5->length && ++ (match_found = hostname_match(hostname_ascii, + (char *)(subj_alt_name->d.ia5->data)))) + { +@@ -712,5 +713,7 @@ + goto out; + } +- match_found = hostname_match(hostname_ascii, buf); ++ if (mutt_strlen(buf) == bufsize - 1) { ++ match_found = hostname_match(hostname_ascii, buf); ++ } + } + |