Description of problem: got a pile of new mail this morning. Mostly spam, when scrolling though the index deleting everything, mutt segfaulted. Closer look seems to indicate just reading a particular message causes a segfault. I'll attach the inbox file that causes the crash. Just: mutt -f /tmp/folder and scroll though the index. Since this is a segfault on untrusted data, its possibly a security issue, so flagging as such. Version-Release number of selected component (if applicable): [alikins@sludge alikins]$ rpm -q mutt mutt-1.4.1-4 How reproducible: easy Steps to Reproduce: see above
yeah, down arrow in the index view for that folder crashes for me Hmm, weird. Trying it in a different terminal window and it doesnt segfault. Maybe its related to term size or something
Bill said "It was fixed in the development branch of mutt on 2002-02-13: date: 2002/02/13 09:53:33; author: roessler; state: Exp; lines: +4 -21 Fix mutt_pad_string; from Edmund Grimley Evans. (MAY NEED TO BE BACKPORTED.)"
Allocated CAN-2004-0078 for this issue; treating still as embargoed until we've backported, told vendor-sec and upstream etc.
Removing embargo, this became public in February: http://marc.theaimsgroup.com/?l=bugtraq&m=107651677817933&w=2
closed see: http://www.redhat.com/archives/fedora-announce-list/2004-February/msg00015.html