From c35f87bb1a300c6bde538eaa927a0f7311fb09a0 Mon Sep 17 00:00:00 2001 From: Léo Le Bouter Date: Thu, 11 Mar 2021 01:10:29 +0100 Subject: gnu: evolution-data-server: Fix CVE-2020-14928 and CVE-2020-16117. * gnu/packages/patches/evolution-data-server-CVE-2020-14928.patch, gnu/packages/patches/evolution-data-server-CVE-2020-16117.patch: New patches. * gnu/local.mk (dist_patch_DATA): Register them. * gnu/packages/gnome.scm (evolution-data-server): Apply them. --- .../evolution-data-server-CVE-2020-16117.patch | 28 ++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 gnu/packages/patches/evolution-data-server-CVE-2020-16117.patch (limited to 'gnu/packages/patches/evolution-data-server-CVE-2020-16117.patch') diff --git a/gnu/packages/patches/evolution-data-server-CVE-2020-16117.patch b/gnu/packages/patches/evolution-data-server-CVE-2020-16117.patch new file mode 100644 index 0000000000..b2c0622a90 --- /dev/null +++ b/gnu/packages/patches/evolution-data-server-CVE-2020-16117.patch @@ -0,0 +1,28 @@ +From 2cc39592b532cf0dc994fd3694b8e6bf924c9ab5 Mon Sep 17 00:00:00 2001 +From: Milan Crha +Date: Mon, 10 Feb 2020 10:00:32 +0100 +Subject: [PATCH] I#189 - Crash on malformed server response with minimal + capabilities + +Closes https://gitlab.gnome.org/GNOME/evolution-data-server/issues/189 +--- + src/camel/providers/imapx/camel-imapx-server.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/camel/providers/imapx/camel-imapx-server.c b/src/camel/providers/imapx/camel-imapx-server.c +index 3c38fb1e9..3883321ec 100644 +--- a/src/camel/providers/imapx/camel-imapx-server.c ++++ b/src/camel/providers/imapx/camel-imapx-server.c +@@ -3045,7 +3045,8 @@ connected: + + /* See if we got new capabilities + * in the STARTTLS response. */ +- imapx_free_capability (is->priv->cinfo); ++ if (is->priv->cinfo) ++ imapx_free_capability (is->priv->cinfo); + is->priv->cinfo = NULL; + if (ic->status->condition == IMAPX_CAPABILITY) { + is->priv->cinfo = ic->status->u.cinfo; +-- +GitLab + -- cgit v1.2.3