--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/procmail/patches/06.CVE-2014-3618.patch Thu Sep 04 13:24:25 2014 -0700
@@ -0,0 +1,22 @@
+This patch comes from upstream:
+
+http://seclists.org/oss-sec/2014/q3/495
+
+We presume it will be part of a future release of procmail.
+
+--- procmail-3.22/src/formisc.c.~2~ 2014-09-04 08:56:27.832599147 -0700
++++ procmail-3.22/src/formisc.c 2014-09-04 08:56:54.543558430 -0700
+@@ -84,12 +84,11 @@
+ case '"':*target++=delim='"';start++;
+ }
+ ;{ int i;
+- do
++ while(*start)
+ if((i= *target++= *start++)==delim) /* corresponding delimiter? */
+ break;
+ else if(i=='\\'&&*start) /* skip quoted character */
+ *target++= *start++;
+- while(*start); /* anything? */
+ }
+ hitspc=2;
+ }