Bug#1003795: buster-pu: package evolution-data-server/3.30.5-1+deb10u2

Adrian Bunk bunk at debian.org
Sat Jan 15 22:27:22 GMT 2022


Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org at packages.debian.org
Usertags: pu

  * CVE-2020-16117: Crash on malformed server response with
                    minimal capabilities.
-------------- next part --------------
diff -Nru evolution-data-server-3.30.5/debian/changelog evolution-data-server-3.30.5/debian/changelog
--- evolution-data-server-3.30.5/debian/changelog	2020-07-14 22:09:35.000000000 +0300
+++ evolution-data-server-3.30.5/debian/changelog	2022-01-16 00:17:04.000000000 +0200
@@ -1,3 +1,11 @@
+evolution-data-server (3.30.5-1+deb10u2) buster; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2020-16117: Crash on malformed server response with
+                    minimal capabilities.
+
+ -- Adrian Bunk <bunk at debian.org>  Sun, 16 Jan 2022 00:17:04 +0200
+
 evolution-data-server (3.30.5-1+deb10u1) buster-security; urgency=medium
 
   * CVE-2020-14928: Response Injection via STARTTLS in SMTP and POP3.
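Review bot: the new 3.30.5-1+deb10u2 changelog entry identifies the fix only by CVE id and description, and names neither the patch file added under debian/patches nor the upstream issue (I#189) that the patch header cites. Mentioning one of them in the CVE-2020-16117 line would let a reader map the entry to the change without opening the diff.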
diff -Nru evolution-data-server-3.30.5/debian/patches/0001-I-189-Crash-on-malformed-server-response-with-minima.patch evolution-data-server-3.30.5/debian/patches/0001-I-189-Crash-on-malformed-server-response-with-minima.patch
--- evolution-data-server-3.30.5/debian/patches/0001-I-189-Crash-on-malformed-server-response-with-minima.patch	1970-01-01 02:00:00.000000000 +0200
+++ evolution-data-server-3.30.5/debian/patches/0001-I-189-Crash-on-malformed-server-response-with-minima.patch	2022-01-16 00:16:26.000000000 +0200
@@ -0,0 +1,27 @@
+From 9e540466b1c84f492207d3e43749384cde73e46c Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha at redhat.com>
+Date: Mon, 10 Feb 2020 10:00:32 +0100
+Subject: I#189 - Crash on malformed server response with minimal capabilities
+
+Closes https://gitlab.gnome.org/GNOME/evolution-data-server/issues/189
+---
+ src/camel/providers/imapx/camel-imapx-server.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/camel/providers/imapx/camel-imapx-server.c b/src/camel/providers/imapx/camel-imapx-server.c
+index 20bc160e4..65690f0d0 100644
+--- a/src/camel/providers/imapx/camel-imapx-server.c
++++ b/src/camel/providers/imapx/camel-imapx-server.c
+@@ -3049,7 +3049,8 @@ connected:
+ 
+ 			/* See if we got new capabilities
+ 			 * in the STARTTLS response. */
+-			imapx_free_capability (is->priv->cinfo);
++			if (is->priv->cinfo)
++				imapx_free_capability (is->priv->cinfo);
+ 			is->priv->cinfo = NULL;
+ 			if (ic->status->condition == IMAPX_CAPABILITY) {
+ 				is->priv->cinfo = ic->status->u.cinfo;
+-- 
+2.20.1
+
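Review bot: after the guarded free at `if (is->priv->cinfo)`, `is->priv->cinfo` stays NULL whenever the STARTTLS response does not have the `IMAPX_CAPABILITY` condition, so the fix relies on the code following this block handling a NULL `cinfo`, which the hunk does not show and is worth confirming against the 3.30.5 source. The check also covers only this call site: if `imapx_free_capability` itself does not accept NULL, making the function NULL-safe or auditing its other callers would cover the same malformed-response case elsewhere.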
diff -Nru evolution-data-server-3.30.5/debian/patches/series evolution-data-server-3.30.5/debian/patches/series
--- evolution-data-server-3.30.5/debian/patches/series	2020-07-09 15:27:45.000000000 +0300
+++ evolution-data-server-3.30.5/debian/patches/series	2022-01-16 00:16:54.000000000 +0200
@@ -2,3 +2,4 @@
 ubuntu_gettext_domain.patch
 CVE-2020-14928-1.patch
 CVE-2020-14928-2.patch
+0001-I-189-Crash-on-malformed-server-response-with-minima.patch
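Review bot: the added `series` entry keeps the upstream format-patch file name, while the two entries above it are named by CVE (`CVE-2020-14928-1.patch`, `CVE-2020-14928-2.patch`). Naming this patch after CVE-2020-16117 in the same way would keep debian/patches searchable by CVE id.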

