[Bug 193560] New: [patch] mail/procmail: CVE-2014-3618 Heap-overflow in procmail's formail utility

Thu Sep 11 13:20:55 UTC 2014

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193560

            Bug ID: 193560
           Summary: [patch] mail/procmail: CVE-2014-3618 Heap-overflow in
                    procmail's formail utility
           Product: Ports Tree
           Version: Latest
          Hardware: Any
                OS: Any
            Status: Needs Triage
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs at FreeBSD.org
          Reporter: martin at lispworks.com

The attached patch (based on the one in Fedora 20 and Tavis Ormandy's patch at
http://www.openwall.com/lists/oss-security/2014/09/03/8) fixes CVE-2014-3618.

I've not managed to repeat the crash in Fedora's bug report #1121299, but the
code definitely overflows the buffer.

-- 
You are receiving this mail because:
You are the assignee for the bug.