rpms/sylpheed/devel sylpheed-2.4.4-CVE-2007-2958.patch, NONE, 1.1 sylpheed.spec, 1.54, 1.55

Michael Schwendt (mschwendt) fedora-extras-commits at redhat.com
Fri Aug 24 11:06:27 UTC 2007 

Author: mschwendt

Update of /cvs/pkgs/rpms/sylpheed/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10891

Modified Files:
	sylpheed.spec 
Added Files:
	sylpheed-2.4.4-CVE-2007-2958.patch 
Log Message:
* Fri Aug 24 2007 Michael Schwendt <mschwendt[AT]users.sf.net> - 2.4.4-2
- Patch POP3 format string vulnerability CVE-2007-2958 (#254123).


sylpheed-2.4.4-CVE-2007-2958.patch:

--- NEW FILE sylpheed-2.4.4-CVE-2007-2958.patch ---
Index: inc.c
===================================================================
--- src/inc.c	(revision 1611)
+++ src/yinc.c	(working copy)
@@ -1364,7 +1364,7 @@
 			log_warning("%s\n", log_msg);
 	}
 	if (err_msg) {
-		alertpanel_error(err_msg);
+		alertpanel_error("%s", err_msg);
 		g_free(err_msg);
 	}
 }


Index: sylpheed.spec
===================================================================
RCS file: /cvs/pkgs/rpms/sylpheed/devel/sylpheed.spec,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -r1.54 -r1.55
--- sylpheed.spec	21 Aug 2007 17:02:50 -0000	1.54
+++ sylpheed.spec	24 Aug 2007 11:05:53 -0000	1.55
@@ -5,7 +5,7 @@
 Summary: GTK+ based, lightweight, and fast email client
 Name: sylpheed
 Version: 2.4.4
-Release: 2
+Release: 3
 License: GPLv2+
 URL: http://sylpheed.sraoss.jp/
 Group: Applications/Internet
@@ -24,6 +24,7 @@
 Patch2: sylpheed-2.4.2-desktop.patch
 Patch3: sylpheed-2.3.1-certsdir.patch
 Patch4: sylpheed-2.2.5-prefs_common.patch
+Patch5: sylpheed-2.4.4-CVE-2007-2958.patch
 
 %description
 This program is an X based fast email client which has features
@@ -46,6 +47,7 @@
 %patch2 -p1 -b .desktop
 %patch3 -p1 -b .certsdir
 %patch4 -p1 -b .prefs_common
+%patch5 -p0 -b .CVE-2007-2958
 
 %build
 %configure --enable-ssl %{!?_without_gpgme:--enable-gpgme} \
@@ -84,6 +86,9 @@
 %{_mandir}/man1/*
 
 %changelog
+* Fri Aug 24 2007 Michael Schwendt <mschwendt[AT]users.sf.net> - 2.4.4-3
+- Patch POP3 format string vulnerability CVE-2007-2958 (#254123).
+
 * Tue Aug 21 2007 Michael Schwendt <mschwendt[AT]users.sf.net>
 - rebuilt

More information about the fedora-extras-commits mailing list