From c6c9f85c249c60c0f9053b3db7bd6c28436b746f Mon Sep 17 00:00:00 2001 From: wang_yue111 <648774160@qq.com> Date: Thu, 7 Jan 2021 17:44:17 +0800 Subject: [PATCH] fix CVE-2020-28896 --- CVE-2020-28896.patch | 27 +++++++++++++++++++++++++++ mutt.spec | 6 +++++- 2 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 CVE-2020-28896.patch diff --git a/CVE-2020-28896.patch b/CVE-2020-28896.patch new file mode 100644 index 0000000..7d37af0 --- /dev/null +++ b/CVE-2020-28896.patch @@ -0,0 +1,27 @@ +From 7a0bd4a7535eba5a6c7893803091a7d6e07cc15d Mon Sep 17 00:00:00 2001 +From: Kevin McCarthy +Date: Thu, 7 Jan 2021 10:43:55 +0800 +Subject: [PATCH] Ensure IMAP connection is closed after a connection error. + +--- + imap/imap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/imap/imap.c b/imap/imap.c +index 0c3b79d..5256035 100644 +--- a/imap/imap.c ++++ b/imap/imap.c +@@ -508,9 +508,9 @@ int imap_open_connection (IMAP_DATA* idata) + + #if defined(USE_SSL) + err_close_conn: +- imap_close_connection (idata); + #endif + bail: ++ imap_close_connection (idata); + FREE (&idata->capstr); + return -1; + } +-- +2.23.0 + diff --git a/mutt.spec b/mutt.spec index 93fd7ac..071ba6c 100644 --- a/mutt.spec +++ b/mutt.spec @@ -1,6 +1,6 @@ Name: mutt Version: 1.10.1 -Release: 3 +Release: 4 Epoch: 5 Summary: Text-based mail client License: GPLv2+ and Public Domain @@ -15,6 +15,7 @@ Patch2: mutt-1.8.0-cabundle.patch Patch3: mutt-1.7.0-syncdebug.patch Patch8: mutt-1.5.23-system_certs.patch Patch9: mutt-1.9.0-ssl_ciphers.patch +Patch13: CVE-2020-28896.patch BuildRequires: gcc ncurses-devel gettext automake /usr/bin/xsltproc BuildRequires: lynx docbook-style-xsl perl-interpreter perl-generators @@ -120,6 +121,9 @@ ln -sf ./muttrc.5 %{buildroot}%{_mandir}/man5/muttrc.local.5 %{_mandir}/man5/muttrc.* %changelog +* Thu Jan 07 2021 wangyue - 1.10.1-4 +- fix CVE-2020-28896 + * Sat Nov 07 2020 Ge Wang - 1.10.1-3 - Set help package as mutt package's install require