Red Hat Bugzilla – Bug 816044
NULL pointer dereference while checking PGP signature notation
Last modified: 2012-05-04 18:57:25 EDT
There is an upstream report that while verifying PGP signature using crypt_use_gpgme=true, one can get segfault if the signature specifies policy URL. In that case gpgme returns NULL signature notation name and mutt passes the NULL to strcmp() which leads to segfault. See <http://dev.mutt.org/trac/ticket/3574> for more details, especially for a reproducer and a proposed fix. Reproduced with mutt-1.5.21-10.fc17.x86_64 gpgme-1.3.0-8.fc17.x86_64 successfully.
Thanks for the report. Just summarizing steps to reproduce: 1. download archive madduck.tar.gz from [1] and extract it to /tmp/madduck 2. run echo "set crypt_use_gpgme=yes">/tmp/muttrc 3. mutt -f /tmp/madduck -F /tmp/muttrc 4. open the only one message in the mailbox [1] http://dev.mutt.org/trac/ticket/3574
mutt-1.5.21-11.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/mutt-1.5.21-11.fc17
Package mutt-1.5.21-11.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing mutt-1.5.21-11.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-6654/mutt-1.5.21-11.fc17 then log in and leave karma (feedback).
mutt-1.5.21-11.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.