On Wed, 11 Feb 2015, Jakub Wilk wrote:
> Hi Jan!
>
> * Jan Darmochwal <jdarmoch...@gmx.de>, 2015-02-07, 23:03:
> > What the patch does:
> > * allocate enough memory to add angle brackets to From line values
>
> This is to fix off-by-one heap overflow when parsing addresses that have left
> angle bracket, then a comma, but no right angle bracket.
> For example: <m...@example.com,
>
> > * do not "skip" the last character of a string
>
> This is to fix another off-by-one heap overflow when parsing addresses that
> end with backslash.
> For example: <m...@example.com\
>
> Thanks a lot for identifying the vulnerabilities.
> The patch looks good to me!

Thanks a lot, Jakub. I'm going to include your explanation in the changelog as well.
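
The two off-by-one cases described in the quoted explanation, shown in hardened form as an added example; this is not code from the patch or from the program under discussion. The function name `bracket_addr` and the sample addresses are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not the patched program's code): return a malloc'd
 * copy of the first address in `in`, always wrapped in angle brackets. */
char *bracket_addr(const char *in)
{
    size_t len = strlen(in);
    /* Worst case: every input byte is kept, plus '<', '>' and the NUL.
     * Sizing the buffer one byte short is the first off-by-one. */
    char *out = malloc(len + 3);
    size_t i = 0, o = 0;

    if (out == NULL)
        return NULL;
    if (in[i] == '<')
        i++;
    out[o++] = '<';
    /* A missing '>' is tolerated: a comma or the end of input also stops. */
    while (in[i] != '\0' && in[i] != '>' && in[i] != ',') {
        if (in[i] == '\\') {
            /* A backslash escapes the next byte. If it is the last byte
             * there is nothing to escape: stop instead of stepping over
             * the terminator (the second off-by-one). */
            if (in[i + 1] == '\0')
                break;
            out[o++] = in[i++];
        }
        out[o++] = in[i++];
    }
    out[o++] = '>';
    out[o] = '\0';
    return out;
}

int main(void)
{
    /* Constructed inputs matching the two shapes named in the thread. */
    const char *samples[] = { "<user@example.com,", "<user@example.com\\" };
    for (size_t k = 0; k < 2; k++) {
        char *r = bracket_addr(samples[k]);
        if (r != NULL)
            printf("%s -> %s\n", samples[k], r);
        free(r);
    }
    return 0;
}
```

Building with `-fsanitize=address` and running the same inputs against an unpatched parser is a quick way to confirm whether either overflow is present.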