+ upstream/383769-score-match.patch: match full name with ~F, same as
mutt-ng (Closes: 383769)
+ upstream/547739-manual-typos.patch: typos in manual.txt (Closes: 547739)
+ + upstream/311296-rand-mktemp.patch: more random file creation in /tmp, see
+ CVE CAN-2005-2351 (Closes: 311296)
+ debian-specific/Muttrc: set time_inc to be 250ms (Closes: 537746)
* debian/control:
+ bumping Standards-Version to 3.8.4, nothing to be done
upstream/228671-pipe-mime.patch
upstream/383769-score-match.patch
upstream/547739-manual-typos.patch
+upstream/311296-rand-mktemp.patch
misc/hyphen-as-minus.patch
#misc/manpage-typos.patch
--- /dev/null
+More random file creation in /tmp to prevent DOS, see CVE CAN-2005-2351 and
+upstream http://bugs.mutt.org/3158
+
+--- a/muttlib.c
++++ b/muttlib.c
+@@ -748,7 +748,12 @@
+
+ void _mutt_mktemp (char *s, const char *src, int line)
+ {
+- snprintf (s, _POSIX_PATH_MAX, "%s/mutt-%s-%d-%d-%d", NONULL (Tempdir), NONULL(Hostname), (int) getuid(), (int) getpid (), Counter++);
++ long sek;
++
++ time(&sek);
++ srand(sek);
++ snprintf (s, _POSIX_PATH_MAX, "%s/mutt-%s-%d-%d-%d%x%x", NONULL (Tempdir), NONULL(Hostname), (int) getuid(), (int) getpid (),
++ Counter++, (unsigned int) rand(), (unsigned int) rand());
+ dprint (3, (debugfile, "%s:%d: mutt_mktemp returns \"%s\".\n", src, line, s));
+ unlink (s);
+ }
projects / software / mutt-debian.git / commitdiff