
bug#987: marked as done (mutt-1.3.25i: Mutt 1.3.25i coredumps on trying to display certain messages.)



Your message dated Sat, 12 Jun 2004 01:55:03 +0100
with message-id <20040612005503.GO12059@xxxxxxxxxxxxxxxxxxxxx>
and subject line Close.
has caused the attached bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Herr der Kaefer
(administrator, GUUG bugs database)

--------------------------------------
Received: (at submit) by bugs.guug.de; 17 Jan 2002 18:37:16 +0000
>From cliftonr@xxxxxxxx Thu Jan 17 19:37:15 2002
Received: from malasada.lava.net ([64.65.64.17] 
ident={E38igGUjkipPFobzOn21gQAtN4CH8esj})
        by trithemius.gnupg.org with esmtp (Exim 3.12 #1 (Debian))
        id 16RHPX-0000Et-00
        for <submit@xxxxxxxxxxxx>; Thu, 17 Jan 2002 19:37:15 +0100
Received: from localhost (13758 bytes) by malasada.lava.net; Thu, 17 Jan 2002 
08:35:26 -1000 (HST)
        via sendmail [stdio] id <m16RHNm-000qFyC@xxxxxxxxxxxxxxxxx>
        for <submit@xxxxxxxxxxxx>
Message-Id: <m16RHNm-000qFyC@xxxxxxxxxxxxxxxxx>
Date: Thu, 17 Jan 2002 08:35:26 -1000 (HST)
From: cliftonr@xxxxxxxx (Clifton Royston)
Subject: mutt-1.3.25i: Mutt 1.3.25i coredumps on trying to display certain 
messages.
To: submit@xxxxxxxxxxxx
Bcc:

Package: mutt
Version: 1.3.25i
Severity: grave

-- Please type your report below this line

Mutt 1.3.25 worked OK in my preliminary testing, but once it was
installed on this system, I and the (only?) other mutt user on this
system both experienced core dumps when reading certain messages. 
(BTW, gdb hung on the input from flea and I had to SIGTERM it from
another shell; I think there is some incompatibility between the
flea-generated gdb.rc and the gdb version on this system.  However it
looks like you've got some usable output anyway.)

Because the crash was a segfault and was triggered repeatably by
reading specific input messages in both cases, that suggests a
potential for a remote email-based exploit like the one recently fixed.

The single email in the mailbox attached below (a spam complaint resent
to me by way of the abuse role account, in this case) reproducibly
crashes mutt1.3.25 on this system.  mutt1.0 can read it fine.

-- ~/Mail/poisonmeat

>From abuse Tue Jan 15 10:48:15 2002
Return-Path: <abuse>
Received: from localhost (7457 bytes) by malasada.lava.net; Tue, 15 Jan 2002 
10:48:12 -1000 (HST)
        via sendmail [stdio] id <m16QaVA-0014ESC@xxxxxxxxxxxxxxxxx>
        for <cliftonr>
Sender: abuse (LavaNet Abuse Staff)
Received: from pantano.theriver.com ([205.216.137.2]) (7289 bytes) by 
malasada.lava.net; Tue, 15 Jan 2002 10:48:08 -1000 (HST)
        via sendmail [esmtp] id <m16QaV6-0014CrC@xxxxxxxxxxxxxxxxx>
        for <abuse@xxxxxxxx>
Received: from azkid1 (a8.pm3-24.theriver.com [206.102.192.24])
        by pantano.theriver.com (Postfix) with SMTP id A5DB91A6CB2
        for <abuse@xxxxxxxx>; Tue, 15 Jan 2002 13:47:47 -0700 (MST)
Message-ID: <001001c19e06$0d142160$64f1fea9@xxxxxxxxxxxxxxx>
From: "Lynn & John Dalton" <azkid@xxxxxxxxxxxx>
To: <abuse@xxxxxxxx>
Subject: Fw: Finacnial Letter #10849
Date: Tue, 15 Jan 2002 13:48:56 -0700
MIME-Version: 1.0
Content-Type: text/plain;
        charset="Windows-1252"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Input: 205.216.137.2
Content-Length: 6499
Lines: 195


----- Original Message -----
From: <investing@xxxxxxxx>
To: <investor@xxxxxxxxxxxxxxxx>
Sent: Wednesday, January 16, 2002 1:14 AM
Subject: Finacnial Letter #10849


>
>
>
(((((((((((((((((((((((((((((((((((((((())))))))))))))))))))))))))))))))))))
)))
>
> GREENWICH FINANCIAL RESEARCH Issue 957 January 15, 2001
>
>
> Visit Greenwich Financial Research at
> http://greenwichfinancial.sg.st
>
>
> Rating: Strong Buy
>
>
> Symbol ..... CVIA
>
> Shares Outstanding ..... 42,900,000
>
> Float (est.) ...... 19,300,000
>
> 3-6 Month Target ...... $1.50
>
> 12-18 month target ...... $5.00
>
>
>
(((((((((((((((((((((((((((((((((((((((())))))))))))))))))))))))))))))))))))
)))
>
>
> (OTCBB: ) Earns revenues of $40 Million annually.
>
> Congratulations to subscribers who heeded our
> last recommendation (OTC BB: BCTL), you would
> have realized an average gain of 60% within days
> of our recommendation. Good Job!
>
> The Company
>
> Coprporate Vision, Inc, is a growth-oriented,
> business venture company, with current holdings
> and investments in Technology and the Enviroment.
>
> Corporate Vision will unviel transportation
> division with acquisition of $40+Million Trucking
> Company.
>
>
> The Industry
>
> Conservative forecasts for 2002 call for B-Right
> Trucking Company, Inc. revenues to exceed $40
> million. Currently selling at just over .20 cents,
> Corporate Vision represents a compelling prospect
> for the astute investor.
>
>
> The Market
>
> The transportation industry is a high volume
> entity. Very competative and highly fragmented.
> B-Right has been in business for over 40 years
> and has a network of over 300 trucks out of 35
> terminals nationwide.
>
> B-Right is coming out with a new transportaion
> system that is said to produce 50% growth by the
> end of the year. Keep an eye on this company in
> the future as it will grow to substancial
> proportions.
>
>
> Investment Opportunity
>
> Through key strategic alliances, state-of the -art
> technology and a seasoned management team, is well
> positioned to benefit from a multi billion dollar
> sector. $45 million dollar projected revenues could
> easily make a $1.50 stock. Currently is trading
> around $.15, the opportunity to take advantage at
> this level is inviting for astute investors. Don't
> miss this one!
>
>
>
>
>
(((((((((((((((((((((((((((((((((((((((())))))))))))))))))))))))))))))))))))
)))
>
> You are receiving this email because you have opt-in
> at USFANN.com. This site was dedicated to investors
> all over the world. If you would like to be removed
> please follow the link below.
> http://www.removegreen.sg.st
>
>
(((((((((((((((((((((((((((((((((((((((())))))))))))))))))))))))))))))))))))
)))
>
>
(((((((((((((((((((((((((((((((((((((((())))))))))))))))))))))))))))))))))))
)))
>
>
>
>
> Please be advised that Greenwichfinancial.com is
> not affiliated with any broker or dealer. We are
> not offering securities for sale or a solicitation
> of any offer to buy securities. An offer to buy
> securities can be made only with the accompanying
> disclosure documents and only in the states and
> provinces for which they are approved. The
> information on this recommendation reflects
> personal opinion of the author. The information
> contained is gathered by researching extensively
> from company news, SEC filings, company profiles,
> brokerages, other research sites, business contacts,
> electronic databases and all forms of information
> media. In addition, we do not accept any liability
> for the accuracy of the data contained on this
> recommendation and the data is subject to change
> without any further notice. Information in these
> reports is provided to us by management and is not
> audited unless indicated. Readers are advised to
> do their own investment research and verify all
> claims to make the best decision. We are not in
> any way responsible for any profits or losses
> resulting from acting upon the recommendations.
> We reserve the right to buy or sell our position
> in any company we profile at any time.
>
>
> Release of Liability: Through use of this newsletter
> viewing or posting you agree to hold Greenwich
> Financial Research, its operators owners and
> employees harmless and to completely release them
> from any and all liability due to any and all loss
> (monetary or otherwise), damage (monetary or
> otherwise), or injury (monetary or otherwise) that
> you may incur.
>
> All information on featured companies is provided by
> the companies profiled, or is available from public
> sources and Greenwich Financial Research makes no
> representations, warranties or guarantees as to the
> accuracy or completeness of the disclosure by the
> profiled companies. Greenwich Financial Research,
> nor any of its affiliates are not registered
> investment advisors or a broker dealers. Greenwich
> Financial Research has been advised that the
> investments in companies profiled are considered
> to be high risk and use of the information provided
> is at the investor?s sole risk. Greenwich Financial
> Research has also been advised that the purchase of
> such high risk securities may result in the loss of
> some or all of the investment. Investors should not
> rely solely on the information presented. Rather,
> investors should use the information provided by the
> profiled companies as a starting point for doing
> additional independent research on the profiled
> companies in order to allow the investor to form
> his or her own opinion regarding investing in the
> profiled companies. Factual statements made by the
> profiled companies are made as of the date stated
> and are subject to change without notice. Investing
> in micro-cap securities is highly speculative and
> carries an extremely high degree of risk. It is
> possible that an investor?s entire investment may
> be lost or impaired due to the speculative nature
> of the companies profiled. Greenwich Financial
> Research makes no recommendation that the securities
> of the companies profiled should be purchased, sold
> or held by individuals or entities that learn of the
> profiled companies through Greenwich Financial Research.
>
> Greenwich Financial Research owners may or may not hold
> positions in the companies that are profiled. Greenwich
> Financial Research was paid $10,000 from an individual
> to advertise. It is possible that an investor?s investment
> may be lost or impaired due to the speculative nature of
> the companies profiled.
>
>



-- Build environment information

(Note: This is the build environment installed on the system
muttbug is run on.  Information may or may not match the environment
used to build mutt.)

- gcc version information
gcc
Using builtin specs.
gcc version egcs-2.91.66 19990314 (egcs-1.1.2 release)

- CFLAGS
-Wall -pedantic -g -O2

-- Mutt Version Information

Mutt 1.3.25i (2002-01-01)
Copyright (C) 1996-2001 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type `mutt -vv' for details.

System: BSD/OS 4.1 (i386) [using ncurses 5.0]
Compile options:
-DOMAIN
+DEBUG
-HOMESPOOL  -USE_SETGID  +USE_DOTLOCK  -DL_STANDALONE  
+USE_FCNTL  -USE_FLOCK
-USE_POP  +USE_IMAP  -USE_GSS  +USE_SSL  -USE_SASL  
+HAVE_REGCOMP  -USE_GNU_REGEX  
+HAVE_COLOR  +HAVE_START_COLOR  +HAVE_TYPEAHEAD  +HAVE_BKGDSET  
+HAVE_CURS_SET  +HAVE_META  +HAVE_RESIZETERM  
+HAVE_PGP  -BUFFY_SIZE -EXACT_ADDRESS  -SUN_ATTACHMENT  
+ENABLE_NLS  -LOCALES_HACK  -HAVE_WC_FUNCS  -HAVE_LANGINFO_CODESET  
-HAVE_LANGINFO_YESEXPR  
+HAVE_ICONV  -ICONV_NONTRANS  -HAVE_GETSID  +HAVE_GETADDRINFO  
ISPELL="/usr/contrib/bin/ispell"
SENDMAIL="/usr/sbin/sendmail"
MAILPATH="/var/mail"
PKGDATADIR="/usr/local/share/mutt"
SYSCONFDIR="/usr/local/etc"
EXECSHELL="/bin/sh"
-MIXMASTER
To contact the developers, please mail to <mutt-dev@xxxxxxxx>.
To report a bug, please use the flea(1) utility.


-- Core Dump Analysis Output

GNU gdb 
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-bsdi4.1"...
Core was generated by `mutt'.
Program terminated with signal 11, Segmentation fault.
#0  0x481f8477 in libiconv ()
#0  0x481f8477 in libiconv ()
#1  0x808de9c in mutt_iconv (cd=0x2c646573, inbuf=0x80459a8, 
    inbytesleft=0x80459ac, outbuf=0x80459b0, outbytesleft=0x80459b4, 
    inrepls=0x0, outrepl=0x80a95d0 "?") at charset.c:353
#2  0x80636d6 in convert_to_state (cd=0x2c646573, 
    bufi=0x80461b8 "\225s sole risk. Greenwich Financial\n> Research has also 
been advised that the purchase of\n> such high risk securities may result in 
the loss of\n> some or all of the investment. Investors should not\n> re"..., 
    l=0x80461b4, s=0x80468b8) at handler.c:109
#3  0x80637f6 in mutt_decode_xbit (s=0x6220646c, len=1970282597, 
    istext=1634231154, cd=0x2c646573) at handler.c:146
#4  0x756f6873 in ?? ()
Cannot access memory at address 0x2064656c.
(gdb) 
(gdb) 

--- Begin /home/staff/cliftonr/.muttrc
set alias_file=~/.aliases
source ~/.aliases
subscribe cricket-users 
subscribe social-l jokes-l crude-l 
subscribe onc-members
subscribe crypto-gram
subscribe geek
subscribe hix-l
subscribe webmasters-l
subscribe blackbook-l
subscribe members@xxxxxxxxxxxx
subscribe susie@xxxxxxxxxxxxxxx
subscribe cricket
subscribe qpopper
subscribe rrd
subscribe wordsmith
subscribe freebsd
subscribe openbsd
set alternates="cliftonr@.*"
set hostname="lava.net"
set record="=sent"
set mbox="=received"
set save_name askcc beep_new hidden_host
set delete=ask-yes
set move=ask-no
set pager_context=1
set sort=threads
set sort_aux=date
set to_chars=" TtcF"
set forward_format="(Fwd) %s"
set forward_quote
unset wrap_search save_empty
mono tree bold
mono status reverse
mono search bold
mono index underline ~N
mono index none ~l
mono index bold ~Csystem@lava 
mono error standout
color tree yellow default
color status white blue
color search yellow default
color index green default ~N
color index blue default ~l
mono index bold ~Csystem@lava
color index red default ~Csystem@lava
color error white red
macro pager y iy
bind generic X exit
bind generic \^ first-entry
bind generic $ last-entry
bind generic < previous-page
bind generic > next-page
bind pager \^ top
bind pager $ bottom
bind index x exit
bind index $ last-entry
bind index \Cl sync-mailbox
bind index = sync-mailbox
macro index Q q^M^M
macro index \cb |urlview\n
macro pager \cb |urlview\n
auto_view text/html
--- End /home/staff/cliftonr/.muttrc


--- Begin /usr/local/etc/Muttrc
ignore "from " received content- mime-version status x-status message-id
ignore sender references return-path lines
macro index \eb '/~b ' 'search in message bodies'
macro index \cb |urlview\n 'call urlview to extract URLs out of a message'
macro pager \cb |urlview\n 'call urlview to extract URLs out of a message'
macro generic <f1> "!less /usr/local/doc/mutt/manual.txt\n" "Show Mutt 
documentation"
macro index   <f1> "!less /usr/local/doc/mutt/manual.txt\n" "Show Mutt 
documentation"
macro pager   <f1> "!less /usr/local/doc/mutt/manual.txt\n" "Show Mutt 
documentation"
--- End /usr/local/etc/Muttrc
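
Added triage example (not part of the original report or of mutt's code): the backtrace above can be checked for a smashed stack frame by decoding each frame's return address and arguments as little-endian bytes and testing whether they read as message text. It assumes the 32-bit i386 calling convention, where a frame's return address is followed in memory by its arguments; the function names are illustrative.

```python
import re
import struct

# Frames copied from the gdb output in the report (frames #1 and #2 trimmed to
# pointer arguments only; frames #3 and #4 are complete).
BACKTRACE = """\
#1  0x808de9c in mutt_iconv (cd=0x2c646573, inbuf=0x80459a8, inbytesleft=0x80459ac)
#2  0x80636d6 in convert_to_state (cd=0x2c646573, l=0x80461b4, s=0x80468b8)
#3  0x80637f6 in mutt_decode_xbit (s=0x6220646c, len=1970282597, istext=1634231154, cd=0x2c646573)
#4  0x756f6873 in ?? ()
"""

FRAME_RE = re.compile(r"^#(\d+)\s+(0x[0-9a-f]+) in (\S+) \((.*)\)")
ARG_RE = re.compile(r"\w+=(0x[0-9a-f]+|\d+)")


def as_text(value):
    """Return value's four little-endian bytes as a string if all are printable ASCII."""
    if not 0 <= value <= 0xFFFFFFFF:
        return None
    raw = struct.pack("<I", value)
    return raw.decode("ascii") if all(0x20 <= b <= 0x7E for b in raw) else None


def parse_frames(backtrace):
    """Map frame number -> (pc, [argument values in declared order])."""
    frames = {}
    for line in backtrace.splitlines():
        m = FRAME_RE.match(line)
        if m:
            num, pc, _func, args = m.groups()
            frames[int(num)] = (int(pc, 16), [int(a, 0) for a in ARG_RE.findall(args)])
    return frames


def overwritten_text(backtrace, frame):
    """Rebuild the stack words of `frame`: its return address (the pc shown for
    frame+1) followed by its arguments. Returns the decoded text if every word
    is printable ASCII, else None (the frame looks intact)."""
    frames = parse_frames(backtrace)
    if frame not in frames or frame + 1 not in frames:
        return None
    words = [frames[frame + 1][0]] + frames[frame][1]
    texts = [as_text(w) for w in words]
    return "".join(texts) if all(texts) else None


if __name__ == "__main__":
    for n in (1, 2, 3):
        print(n, repr(overwritten_text(BACKTRACE, n)))
```

Frame #3 decodes to "should be purchased,", a run of text from the body of the attached message, while frames #1 and #2 have ordinary return addresses. The address in gdb's final "Cannot access memory" line, 0x2064656c, decodes the same way to "led ", the four bytes that precede "shou" in "profiled should".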


---------------------------------------
Received: (at 1161-done) by bugs.guug.de; 12 Jun 2004 00:53:11 +0000
>From paul@xxxxxxxxxxxxxxxxxxxxx Sat Jun 12 02:53:09 2004
Received: from anchor-post-31.mail.demon.net ([194.217.242.89])
        by trithemius.gnupg.org with esmtp (Exim 3.35 #1 (Debian))
        id 1BYwlh-0005xU-00
        for <1161-done@xxxxxxxxxxxx>; Sat, 12 Jun 2004 02:53:09 +0200
Received: from black-sun.demon.co.uk ([212.228.147.62] helo=nova)
        by anchor-post-31.mail.demon.net with esmtp (Exim 3.35 #1)
        id 1BYwof-0001Bc-0V
        for 1161-done@xxxxxxxxxxxx; Sat, 12 Jun 2004 01:56:17 +0100
Received: from paul 
        by nova with local id 1BYwnh-00053J-HG
        for <1161-done@xxxxxxxxxxxx>; Sat, 12 Jun 2004 01:55:13 +0100
Date: Sat, 12 Jun 2004 01:55:03 +0100
From: Paul Walker <paul@xxxxxxxxxxxxxxxxxxxxx>
To: 1161-done@xxxxxxxxxxxx
Subject: Close.
Message-ID: <20040612005503.GO12059@xxxxxxxxxxxxxxxxxxxxx>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="s9fJI615cBHmzTOP"
Content-Disposition: inline
User-Agent: Mutt/1.5.5.1+cvs20040105i
X-Spam-Status: No, hits=-107.0 required=4.0
        tests=AWL,BAYES_20,PGP_SIGNATURE_2,USER_AGENT_MUTT,
              USER_IN_WHITELIST
        autolearn=ham version=2.55
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)


--s9fJI615cBHmzTOP
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Cannot reproduce; original submitter no longer seems to be contactable at
any of joop@xxxxxxxxxxxx, joop@xxxxxx, or joop@xxxxxxxxxxxxxx=20

Robert - if I missed one and you're still seeing the problem, I apologise,
and we can re-open the bug. :-)

--=20
Paul

--s9fJI615cBHmzTOP
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAylRnP9fOqdxRstoRAqByAKCfOhhgO/GDS9wBFbexRRCU4fKQigCffPYM
VNPvFcTpTh/W+96BKfRKjSI=
=tjJM
-----END PGP SIGNATURE-----

--s9fJI615cBHmzTOP--