authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 00:47:27 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 00:47:27 +0000
commitd5eb37dd4a5a433c40c3c1e7ead424add62663f8 (patch)
tree6a18289cb463d11227d1fa4c990548e50a09d917 /debian/patches/84_05-CVE-2020-28011-Heap-buffer-overflow-in-queue_run.patch
parentAdding upstream version 4.92. (diff)
Adding debian version 4.92-8+deb10u6.debian/4.92-8+deb10u6
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/84_05-CVE-2020-28011-Heap-buffer-overflow-in-queue_run.patch')
-rw-r--r--debian/patches/84_05-CVE-2020-28011-Heap-buffer-overflow-in-queue_run.patch39
1 files changed, 39 insertions, 0 deletions
diff --git a/debian/patches/84_05-CVE-2020-28011-Heap-buffer-overflow-in-queue_run.patch b/debian/patches/84_05-CVE-2020-28011-Heap-buffer-overflow-in-queue_run.patch
new file mode 100644
index 0000000..086644b
--- /dev/null
+++ b/debian/patches/84_05-CVE-2020-28011-Heap-buffer-overflow-in-queue_run.patch
@@ -0,0 +1,39 @@
+From 9970ba4d8b9477d98c722221b6b7b97f03104b9f Mon Sep 17 00:00:00 2001
+From: Qualys Security Advisory <qsa@qualys.com>
+Date: Sun, 21 Feb 2021 19:22:33 -0800
+Subject: [PATCH 05/29] CVE-2020-28011: Heap buffer overflow in queue_run()
+
+---
+ src/queue.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/src/queue.c b/src/queue.c
+index 92109ef92..41af5b85e 100644
+--- a/src/queue.c
++++ b/src/queue.c
+@@ -416,12 +416,18 @@ if (!recurse)
+ p += sprintf(CS p, " -q%s", extras);
+
+ if (deliver_selectstring)
+- p += sprintf(CS p, " -R%s %s", f.deliver_selectstring_regex? "r" : "",
+- deliver_selectstring);
++ {
++ snprintf(CS p, big_buffer_size - (p - big_buffer), " -R%s %s",
++ f.deliver_selectstring_regex? "r" : "", deliver_selectstring);
++ p += strlen(CCS p);
++ }
+
+ if (deliver_selectstring_sender)
+- p += sprintf(CS p, " -S%s %s", f.deliver_selectstring_sender_regex? "r" : "",
+- deliver_selectstring_sender);
++ {
++ snprintf(CS p, big_buffer_size - (p - big_buffer), " -S%s %s",
++ f.deliver_selectstring_sender_regex? "r" : "", deliver_selectstring_sender);
++ p += strlen(CCS p);
++ }
+
+ log_detail = string_copy(big_buffer);
+ if (*queue_name)
+--
+2.30.2
+
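Review bot: Both new `snprintf` calls (the `-R` and the `-S` branch) discard the return value, so a selector string that does not fit in `big_buffer` is truncated silently, and the `log_detail` copied from the buffer right afterwards would record a shortened selector with no sign that it was cut. The bound `big_buffer_size - (p - big_buffer)` holds only while `p` is still inside `big_buffer`, which depends on the unbounded `sprintf(CS p, " -q%s", extras)` kept as context just above; the size of `extras` is not visible in this hunk. I would also put a comment on each `p += strlen(CCS p);` line, `/* snprintf() returns the untruncated length; advance only by what was actually written */`, so that nobody later folds it back into `p += snprintf(...)` and moves `p` past the end of the buffer. The enclosing function (queue_run(), going by the patch subject) starts and ends outside the hunk.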