rpms/sylpheed/FC-6 sylpheed-2.3.1-CVE-2007-2958.patch, NONE, 1.1 sylpheed.spec, 1.44, 1.45

Michael Schwendt (mschwendt) fedora-extras-commits at redhat.com
Fri Aug 24 11:09:31 UTC 2007 

Author: mschwendt

Update of /cvs/pkgs/rpms/sylpheed/FC-6
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11096

Modified Files:
	sylpheed.spec 
Added Files:
	sylpheed-2.3.1-CVE-2007-2958.patch 
Log Message:
* Fri Aug 24 2007 Michael Schwendt <mschwendt[AT]users.sf.net> - 2.3.1-1.3
- Patch POP3 format string vulnerability CVE-2007-2958 (#254123).
- Clarify licence (GPLv2+).


sylpheed-2.3.1-CVE-2007-2958.patch:

--- NEW FILE sylpheed-2.3.1-CVE-2007-2958.patch ---
diff -Nur sylpheed-2.3.1-orig/src/inc.c sylpheed-2.3.1/src/inc.c
--- sylpheed-2.3.1-orig/src/inc.c	2007-01-12 07:14:57.000000000 +0100
+++ sylpheed-2.3.1/src/inc.c	2007-08-24 12:55:26.000000000 +0200
@@ -1249,7 +1249,7 @@
 			log_warning("%s\n", log_msg);
 	}
 	if (err_msg) {
-		alertpanel_error(err_msg);
+		alertpanel_error("%s", err_msg);
 		g_free(err_msg);
 	}
 }


Index: sylpheed.spec
===================================================================
RCS file: /cvs/pkgs/rpms/sylpheed/FC-6/sylpheed.spec,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -r1.44 -r1.45
--- sylpheed.spec	18 May 2007 15:17:33 -0000	1.44
+++ sylpheed.spec	24 Aug 2007 11:08:58 -0000	1.45
@@ -5,8 +5,8 @@
 Summary: GTK+ based, lightweight, and fast email client
 Name: sylpheed
 Version: 2.3.1
-Release: 1.2
-License: GPL
+Release: 1.3
+License: GPLv2+
 URL: http://sylpheed.sraoss.jp/
 Group: Applications/Internet
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot-%(%{__id_u} -n)
@@ -27,6 +27,7 @@
 Patch5: sylpheed-2.3.1-apop-cve-2007-1558.patch
 Patch6: sylpheed-2.3.1-pgpmime-signed-compose.patch
 Patch7: sylpheed-2.3.1-escaped-quotes.patch
+Patch8: sylpheed-2.3.1-CVE-2007-2958.patch
 
 %description
 This program is an X based fast email client which has features
@@ -52,6 +53,7 @@
 %patch5 -p1 -b .apop
 %patch6 -p1 -b .pgpmime-signed-compose
 %patch7 -p1 -b .escaped-quotes
+%patch8 -p1 -b .CVE-2007-2958
 
 %build
 %configure --enable-ssl %{!?_without_gpgme:--enable-gpgme} \
@@ -91,6 +93,10 @@
 %{_mandir}/man1/*
 
 %changelog
+* Fri Aug 24 2007 Michael Schwendt <mschwendt[AT]users.sf.net> - 2.3.1-1.3
+- Patch POP3 format string vulnerability CVE-2007-2958 (#254123).
+- Clarify licence (GPLv2+).
+
 * Fri May 18 2007 Michael Schwendt <mschwendt[AT]users.sf.net> - 2.3.1-1.2
 - Backport patch for libsylph to improve/fix handling of escapes
   and quotes in headers.

More information about the fedora-extras-commits mailing list