Fixes CVE-2014-3618 (heap overflow in formisc.c allowing denial of
service and potential remote execution of arbitrary code).
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3618

Source:
http://seclists.org/oss-sec/2014/q3/495

Adopted by Debian as patch '27':
https://sources.debian.net/src/procmail/3.22-25/debian/patches/27/

--- a/src/formisc.c
+++ b/src/formisc.c
@@ -84,12 +84,11 @@
 	case '"':*target++=delim='"';start++;
       }
      ;{ int i;
-	do
+	while(*start)
 	   if((i= *target++= *start++)==delim)	 /* corresponding delimiter? */
 	      break;
 	   else if(i=='\\'&&*start)		    /* skip quoted character */
 	      *target++= *start++;
-	while(*start);						/* anything? */
       }
      hitspc=2;
    }
cted'>koszko</option>
<option value='koszko-scripts'>koszko-scripts</option>
</select> <input type='submit' value='switch'/></form></td></tr>
<tr><td class='sub'>Wojtek's customized Guix</td><td class='sub right'></td></tr></table>
<table class='tabs'><tr><td>
<a href='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=a16eb6c5f97f136b678540ba61f12b2c08e43e13'>refs</a><a class='active' href='/guix/log/README'>log</a><a href='/guix/tree/README?id=a16eb6c5f97f136b678540ba61f12b2c08e43e13'>tree</a><a href='/guix/commit/README?id=a16eb6c5f97f136b678540ba61f12b2c08e43e13'>commit</a><a href='/guix/diff/README?id=a16eb6c5f97f136b678540ba61f12b2c08e43e13'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/README'>
<input type='hidden' name='id' value='a16eb6c5f97f136b678540ba61f12b2c08e43e13'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=a16eb6c5f97f136b678540ba61f12b2c08e43e13'>root</a>/<a href='/guix/log/README?id=a16eb6c5f97f136b678540ba61f12b2c08e43e13'>README</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/README?id=a16eb6c5f97f136b678540ba61f12b2c08e43e13&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2020-10-23 12:57:20 -0400'>2020-10-23</span></td><td><a href='/guix/commit/README?id=b5aaa3a4fb985d21e21e2a67f48b52f13ebd4728'>doc: Update README.</a><span class='msg-avail'>...</span></td><td>Maxim Cournoyer</td></tr>
<tr><td><span title='2020-10-22 22:47:54 -0400'>2020-10-22</span></td><td><a href='/guix/commit/README?id=503d2bfde08f9bf97bbf430516d2f19faedd4319'>README: Refer to the manual for building from Git.</a><span class='msg-avail'>...</span></td><td>Maxim Cournoyer</td></tr>
<tr><td><span title='2020-06-02 18:55:53 +0200'>2020-06-02</span></td><td><a href='/guix/commit/README?id=c75a80189fc19f6ff8b4c82d1d1801be6763b6d2'>doc: Update README to refer to the manual.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2019-11-09 23:04:14 +0100'>2019-11-09</span></td><td><a href='/guix/commit/README?id=0758a70cc008171f31c848128deca9803536fe60'>doc: Mention value /var to localstatedir option.</a><span class='msg-avail'>...</span></td><td>zimoun</td></tr>
<tr><td><span title='2019-09-04 23:41:07 +0200'>2019-09-04</span></td><td><a href='/guix/commit/README?id=f475c6e53e5b6912cc45663d50f1d03dadfb60b8'>doc: Update 'README'.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2019-01-09 14:47:53 +0100'>2019-01-09</span></td><td><a href='/guix/commit/README?id=0991fd53367907908fbd901a9fbe79540e4e4527'>build: Require Guile 2.2.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2018-12-02 17:56:05 -0600'>2018-12-02</span></td><td><a href='/guix/commit/README?id=6776af04d4b65c5a9a07784307a6abe395b6f480'>Make Guile-JSON a required dependency.</a><span class='msg-avail'>...</span></td><td>Eric Bavier</td></tr>
<tr><td><span title='2018-11-23 15:42:00 +0100'>2018-11-23</span></td><td><a href='/guix/commit/README?id=60e1c1099fc3d73ed7d3235e71aae5d00ab7d773'>Update Guile-SQLite3 URL everywhere.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2018-09-04 17:25:11 +0200'>2018-09-04</span></td><td><a href='/guix/commit/README?id=ca719424455465fca4b872c371daf2a46de88b33'>Switch to Guile-Gcrypt.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2018-06-27 16:58:59 +0200'>2018-06-27</span></td><td><a href='/guix/commit/README?id=fc6cbb311c5a1acb9cf1d5422fbf1bc23da31d55'>doc: Specify Guile-SQLite3 minimum version.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2018-06-14 11:16:58 +0200'>2018-06-14</span></td><td><a href='/guix/commit/README?id=c5a2e1ffcb029f50c4c18352cf378b61c41c625e'>build: Require Guile-SQLite3.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2018-02-26 18:19:34 +0100'>2018-02-26</span></td><td><a href='/guix/commit/README?id=1d84d7bf6052c0c80bd212d4524876576e9817d4'>build: Require Guile &gt;= 2.0.13.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2018-01-07 23:47:22 +0100'>2018-01-07</span></td><td><a href='/guix/commit/README?id=06e3a5181efa0ea83bb6608d3cbfba5caa56d7e9'>doc: Mark zlib as mandatory, libbz2 as optional.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2018-01-01 18:21:55 +0100'>2018-01-01</span></td><td><a href='/guix/commit/README?id=397cd9cc416c677e84fb4bb6efef5f99d1d2394f'>doc: Update requirements in 'README'.</a><span class='msg-avail'>...</span></td><td>Mathieu Lirzin</td></tr>
<tr><td><span title='2017-09-25 00:12:49 +0200'>2017-09-25</span></td><td><a href='/guix/commit/README?id=e8d8ecde04a988f04642d754eccc16a14e0cdc53'>README: Replace http:// with https:// where applicable.</a></td><td>Marius Bakke</td></tr>
<tr><td><span title='2017-03-18 00:39:49 +0100'>2017-03-18</span></td><td><a href='/guix/commit/README?id=36626c556ed75219bce196ac93d148f6b9af984c'>build: Require Guile &gt;= 2.0.9.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>

Age	Commit message (Expand)	Author
2020-10-23	doc: Update README....	Maxim Cournoyer
2020-10-22	README: Refer to the manual for building from Git....	Maxim Cournoyer
2020-06-02	doc: Update README to refer to the manual....	Ludovic Courtès
2019-11-09	doc: Mention value /var to localstatedir option....	zimoun
2019-09-04	doc: Update 'README'....	Ludovic Courtès
2019-01-09	build: Require Guile 2.2....	Ludovic Courtès
2018-12-02	Make Guile-JSON a required dependency....	Eric Bavier
2018-11-23	Update Guile-SQLite3 URL everywhere....	Ludovic Courtès
2018-09-04	Switch to Guile-Gcrypt....	Ludovic Courtès
2018-06-27	doc: Specify Guile-SQLite3 minimum version....	Ludovic Courtès
2018-06-14	build: Require Guile-SQLite3....	Ludovic Courtès
2018-02-26	build: Require Guile >= 2.0.13....	Ludovic Courtès
2018-01-07	doc: Mark zlib as mandatory, libbz2 as optional....	Ludovic Courtès
2018-01-01	doc: Update requirements in 'README'....	Mathieu Lirzin
2017-09-25	README: Replace http:// with https:// where applicable.	Marius Bakke
2017-03-18	build: Require Guile >= 2.0.9....	Ludovic Courtès