Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu

* CVE-2020-16117: Crash on malformed server response with minimal capabilities.
diff -Nru evolution-data-server-3.30.5/debian/changelog evolution-data-server-3.30.5/debian/changelog --- evolution-data-server-3.30.5/debian/changelog 2020-07-14 22:09:35.000000000 +0300 +++ evolution-data-server-3.30.5/debian/changelog 2022-01-16 00:17:04.000000000 +0200 @@ -1,3 +1,11 @@ +evolution-data-server (3.30.5-1+deb10u2) buster; urgency=medium + + * Non-maintainer upload. + * CVE-2020-16117: Crash on malformed server response with + minimal capabilities. + + -- Adrian Bunk <b...@debian.org> Sun, 16 Jan 2022 00:17:04 +0200 + evolution-data-server (3.30.5-1+deb10u1) buster-security; urgency=medium * CVE-2020-14928: Response Injection via STARTTLS in SMTP and POP3. diff -Nru evolution-data-server-3.30.5/debian/patches/0001-I-189-Crash-on-malformed-server-response-with-minima.patch evolution-data-server-3.30.5/debian/patches/0001-I-189-Crash-on-malformed-server-response-with-minima.patch --- evolution-data-server-3.30.5/debian/patches/0001-I-189-Crash-on-malformed-server-response-with-minima.patch 1970-01-01 02:00:00.000000000 +0200 +++ evolution-data-server-3.30.5/debian/patches/0001-I-189-Crash-on-malformed-server-response-with-minima.patch 2022-01-16 00:16:26.000000000 +0200 
@@ -0,0 +1,27 @@ +From 9e540466b1c84f492207d3e43749384cde73e46c Mon Sep 17 00:00:00 2001 +From: Milan Crha <mc...@redhat.com> +Date: Mon, 10 Feb 2020 10:00:32 +0100 +Subject: I#189 - Crash on malformed server response with minimal capabilities + +Closes https://gitlab.gnome.org/GNOME/evolution-data-server/issues/189 +--- + src/camel/providers/imapx/camel-imapx-server.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/camel/providers/imapx/camel-imapx-server.c b/src/camel/providers/imapx/camel-imapx-server.c +index 20bc160e4..65690f0d0 100644 +--- a/src/camel/providers/imapx/camel-imapx-server.c ++++ b/src/camel/providers/imapx/camel-imapx-server.c +@@ -3049,7 +3049,8 @@ connected: + + /* See if we got new capabilities + * in the STARTTLS response. */ +- imapx_free_capability (is->priv->cinfo); ++ if (is->priv->cinfo) ++ imapx_free_capability (is->priv->cinfo); + is->priv->cinfo = NULL; + if (ic->status->condition == IMAPX_CAPABILITY) { + is->priv->cinfo = ic->status->u.cinfo; +-- +2.20.1 + diff -Nru evolution-data-server-3.30.5/debian/patches/series evolution-data-server-3.30.5/debian/patches/series --- evolution-data-server-3.30.5/debian/patches/series 2020-07-09 15:27:45.000000000 +0300 +++ evolution-data-server-3.30.5/debian/patches/series 2022-01-16 00:16:54.000000000 +0200 @@ -2,3 +2,4 @@ ubuntu_gettext_domain.patch CVE-2020-14928-1.patch CVE-2020-14928-2.patch +0001-I-189-Crash-on-malformed-server-response-with-minima.patch
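
Review bot: In the camel-imapx-server.c hunk at `connected:`, the new `if (is->priv->cinfo)` check protects only this one call to `imapx_free_capability ()`; the lines shown do not tell whether other call sites can also reach it with a NULL `cinfo`. Having `imapx_free_capability ()` return early on NULL would cover every caller and let this call stay unconditional. A short comment at the guard saying that `cinfo` may be NULL at this point would also help, since the patch subject is currently the only place that explains why the check is needed.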
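
Review bot: The debian/changelog entry cites CVE-2020-16117, but neither the header of the new patch nor its file name in debian/patches/series mentions that identifier, whereas the two existing entries are named CVE-2020-14928-1.patch and CVE-2020-14928-2.patch. Adding the CVE number to the patch header, or naming the file after it, would keep the series consistent and make the fix easy to locate when checking which CVEs the package addresses.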