[notmuch/f15] cve-2011-1103
Karel Klíč
kklic at fedoraproject.org
Wed Mar 7 17:00:33 UTC 2012
commit a43b8a2b396f680f0b1ab53c01e52ba763b357e3
Author: Karel Klic <kklic at redhat.com>
Date: Wed Mar 7 18:01:03 2012 +0100
cve-2011-1103
notmuch-cve-2011-1103.patch | 17 +++++++++++++++++
notmuch.spec | 7 ++++++-
2 files changed, 23 insertions(+), 1 deletions(-)
---
diff --git a/notmuch-cve-2011-1103.patch b/notmuch-cve-2011-1103.patch
new file mode 100644
index 0000000..58ac8dd
--- /dev/null
+++ b/notmuch-cve-2011-1103.patch
@@ -0,0 +1,17 @@
+diff -up notmuch-0.6.1/emacs/notmuch-mua.el.cve-2011-1103 notmuch-0.6.1/emacs/notmuch-mua.el
+--- notmuch-0.6.1/emacs/notmuch-mua.el.cve-2011-1103 2011-07-17 16:20:51.000000000 +0200
++++ notmuch-0.6.1/emacs/notmuch-mua.el 2012-03-07 17:26:19.174712427 +0100
+@@ -109,7 +109,12 @@ list."
+ (insert body))
+ (set-buffer-modified-p nil)
+
+- (message-goto-body))
++ (message-goto-body)
++ ;; Original message may contain (malicious) MML tags. We must
++ ;; properly quote them in the reply. Note that using `point-max'
++ ;; instead of `mark' here is wrong. The buffer may include user's
++ ;; signature which should not be MML-quoted.
++ (mml-quote-region (point) (point-max)))
+
+ (defun notmuch-mua-forward-message ()
+ (message-forward)
diff --git a/notmuch.spec b/notmuch.spec
index 58e8bbe..a71d6df 100644
--- a/notmuch.spec
+++ b/notmuch.spec
@@ -1,11 +1,12 @@
Name: notmuch
Version: 0.5
-Release: 4%{?dist}
+Release: 5%{?dist}
Summary: System for indexing, searching, and tagging email
Group: Applications/Internet
License: GPLv3+
URL: http://notmuchmail.org/
Source0: http://notmuchmail.org/releases/notmuch-%{version}.tar.gz
+Patch0: notmuch-cve-2011-1103.patch
BuildRequires: xapian-core-devel
BuildRequires: gmime-devel
BuildRequires: libtalloc-devel
@@ -59,6 +60,7 @@ Requires: emacs-notmuch = %{version}-%{release}
%prep
%setup -q
+%patch0 -p1 -b .cve-2011-1103
%build
# The %%configure macro cannot be used because notmuch doesn't support
@@ -103,6 +105,9 @@ find %{buildroot}%{_libdir} -name *.so* -exec chmod 755 {} \;
%{_emacs_sitelispdir}/*.el
%changelog
+* Wed Mar 7 2012 Karel Klíč <kklic at redhat.com> - 0.5-5
+- Added patch for CVE-2011-1103: tag information disclosure flaw
+
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
More information about the scm-commits
mailing list