Fixes CVE-2014-3618 (heap overflow in formisc.c allowing denial of
service and potential remote execution of arbitrary code).
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3618

Source:
http://seclists.org/oss-sec/2014/q3/495

Adopted by Debian as patch '27':
https://sources.debian.net/src/procmail/3.22-25/debian/patches/27/

--- a/src/formisc.c
+++ b/src/formisc.c
@@ -84,12 +84,11 @@
 	case '"':*target++=delim='"';start++;
       }
      ;{ int i;
-	do
+	while(*start)
 	   if((i= *target++= *start++)==delim)	 /* corresponding delimiter? */
 	      break;
 	   else if(i=='\\'&&*start)		    /* skip quoted character */
 	      *target++= *start++;
-	while(*start);						/* anything? */
       }
      hitspc=2;
    }
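Review bot: The pre-test in `while(*start)` is now the only thing that stops the copy at the terminating NUL, yet the patch drops the old `/* anything? */` comment without recording why the test has to come first. I would add above the loop `/* test before copying: start may already be at the NUL right after the opening delimiter */`. The escape branch `else if(i=='\\'&&*start)` guards its extra read the same way, but nothing visible in the hunk bounds the writes through `target`. Presumably the destination is sized from the source length elsewhere, which is worth confirming because the enclosing function begins and ends outside this hunk. An unterminated quoted string now leaves the loop silently and still sets `hitspc=2`; if that is intended, a short comment saying so would help.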
authorEric Bavier <bavier@member.fsf.org>2016-07-07 00:06:44 -0500
committerEric Bavier <bavier@member.fsf.org>2016-07-18 20:28:21 -0500
commit3b956a3392fc277e80ffe0477592c1d00664f513 (patch)
tree07e7972e7cd37116e28c65da84656439fd2e1d04 /gnu/packages/glib.scm
parent3ebc09057a082bc911ee11f45d6cc8b0f76edec6 (diff)
gnu: llvm: Update to 3.8.1.
* gnu/packages/llvm.scm (llvm, clang-runtime, clang): Update to 3.8.1. (llvm-3.7, clang-runtime-3.7, clang-3.7): New variables. (clang-runtime-from-llvm)[arguments]: Disable tests, which were not being run for previous versions anyhow but now fail hard. (clang-from-llvm): Add #:patches keyword argument. * gnu/packages/patches/clang-3.8-libc-search-path.patch: New patch. * gnu/local.mk (dist_patch_DATA): Add it. Co-authored-by: Dennis Mungai <dmngaie@gmail.scm>
Diffstat (limited to 'gnu/packages/glib.scm')
0 files changed, 0 insertions, 0 deletions