authorV3n3RiX <venerix@koprulu.sector>2022-06-29 12:04:12 +0100
committerV3n3RiX <venerix@koprulu.sector>2022-06-29 12:04:12 +0100
commit0f558761aa2dee1017b4751e4017205e015a9560 (patch)
tree037df795519468a25d9362b4e95cdaeb84eb1cf9 /mail-client/sylpheed/files
parent752d6256e5204b958b0ef7905675a940b5e9172f (diff)
gentoo resync : 29.12.2022
Diffstat (limited to 'mail-client/sylpheed/files')
-rw-r--r--mail-client/sylpheed/files/sylpheed-CVE-2021-37746.patch39
1 files changed, 39 insertions, 0 deletions
diff --git a/mail-client/sylpheed/files/sylpheed-CVE-2021-37746.patch b/mail-client/sylpheed/files/sylpheed-CVE-2021-37746.patch
new file mode 100644
index 000000000000..47a6f078e824
--- /dev/null
+++ b/mail-client/sylpheed/files/sylpheed-CVE-2021-37746.patch
@@ -0,0 +1,39 @@
+https://src.fedoraproject.org/rpms/sylpheed/blob/rawhide/f/sylpheed-3.7.0-uri-check.patch
+
+From 4d7dfe055673b49391af66f45643bc956799a4ca Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
+Date: Mon, 2 Aug 2021 12:04:42 +0200
+Subject: [PATCH] harden link checker before accepting click
+
+http://git.claws-mail.org/?p=claws.git;a=commitdiff_plain;h=ac286a71ed78429e16c612161251b9ea90ccd431;hp=a4a629ce824011f5ae3f0b8cb1117f9608b7f5ad
+
+Resolves: CVE-2021-37746
+---
+ src/textview.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/textview.c b/src/textview.c
+index e55eea9e..6fbb8a1d 100644
+--- a/src/textview.c
++++ b/src/textview.c
+@@ -2689,7 +2689,7 @@ static gboolean textview_uri_security_check(TextView *textview, RemoteURI *uri)
+ gboolean retval = TRUE;
+
+ if (is_uri_string(uri->uri) == FALSE)
+- return TRUE;
++ return FALSE;
+
+ buffer = gtk_text_view_get_buffer(GTK_TEXT_VIEW(textview->text));
+ gtk_text_buffer_get_iter_at_offset(buffer, &start_iter, uri->start);
+@@ -2725,6 +2725,8 @@ static gboolean textview_uri_security_check(TextView *textview, RemoteURI *uri)
+ if (aval == G_ALERTDEFAULT)
+ retval = TRUE;
+ }
++ if (strlen(uri->uri) > get_uri_len(uri->uri))
++ retval = FALSE;
+
+ g_free(visible_str);
+
+--
+2.31.1
+
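Review bot: In the second `src/textview.c` hunk, the added `if (strlen(uri->uri) > get_uri_len(uri->uri)) retval = FALSE;` runs after the confirmation branch, so it overrides the `retval = TRUE` set when `aval == G_ALERTDEFAULT`. A user can therefore be asked to confirm a link and still have the click rejected with no feedback. If the length test depends on nothing computed in between, it could sit next to the `is_uri_string()` guard at the top as `if (is_uri_string(uri->uri) == FALSE || strlen(uri->uri) > get_uri_len(uri->uri)) return FALSE;`, which rejects before any prompt and, presumably, before `visible_str` is allocated. Either way the comparison deserves a comment such as `/* reject when the string continues past what get_uri_len() accepts as the URI */`, because the intent is not evident from the two calls alone. The body of `textview_uri_security_check` starts and ends outside both inner hunks, so the placement of the `visible_str` allocation is inferred rather than visible.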