* [gentoo-commits] gentoo-x86 commit in net-im/tmsnc/files: tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch
@ 2008-10-04 19:05 Robert Buchholz (rbu)
From: Robert Buchholz (rbu) @ 2008-10-04 19:05 UTC
To: gentoo-commits
rbu 08/10/04 19:05:59
Added: tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch
Log:
Fix stack based buffer overflow (security bug #229157)
(Portage version: 2.2_rc11/cvs/Linux 2.6.25-gentoo-r6 x86_64)
Revision Changes Path
1.1 net-im/tmsnc/files/tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-im/tmsnc/files/tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-im/tmsnc/files/tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch?rev=1.1&content-type=text/plain
Index: tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch
===================================================================
--- core_net.c 2006-10-17 13:09:56.000000000 +0200
+++ core_net.c.new 2008-06-20 14:59:42.000000000 +0200
@@ -845,11 +845,14 @@
i = atoi(ptr[0]);
free(ptr[0]);
+ if(i < 0 || i > sizeof(buf) - 1)
+ i = sizeof(buf) - 1;
if (read(session->sd, buf, i) != i) {
strncpy(message, "Couldn't read UBX payload",
message_len - 1);
return -1;
}
+ buf[sizeof(buf) - 1] = 0;
// parsing PSM, by gfhuang
if(0 == i) buf[0] = 0; //important, by gfhuang, when i=0, buf is untouched!
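Review bot: The clamp added just before read() silently rewrites a negative or oversized length to sizeof(buf) - 1 and carries on, so for an oversized UBX payload the unread remainder stays on the socket and will be parsed as the next command. Rejecting the message instead (fill message and return -1, as the read failure branch below already does) would avoid continuing with a truncated payload. The added `buf[sizeof(buf) - 1] = 0;` only terminates the final byte of the buffer, so after a short payload the bytes between i and the end are whatever buf held before (the existing comment notes buf is untouched when i is 0). `buf[i] = 0;` after a successful read would terminate at the payload's end and would also cover the i == 0 case.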
* [gentoo-commits] gentoo-x86 commit in net-im/tmsnc/files: tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch
@ 2008-10-04 19:09 Robert Buchholz (rbu)
From: Robert Buchholz (rbu) @ 2008-10-04 19:09 UTC
To: gentoo-commits
rbu 08/10/04 19:09:40
Modified: tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch
Log:
whoops, fix patch
(Portage version: 2.2_rc11/cvs/Linux 2.6.25-gentoo-r6 x86_64)
Revision Changes Path
1.2 net-im/tmsnc/files/tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-im/tmsnc/files/tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch?rev=1.2&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-im/tmsnc/files/tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch?rev=1.2&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-im/tmsnc/files/tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch?r1=1.1&r2=1.2
Index: tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch
===================================================================
RCS file: /var/cvsroot/gentoo-x86/net-im/tmsnc/files/tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch 4 Oct 2008 19:05:58 -0000 1.1
+++ tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch 4 Oct 2008 19:09:39 -0000 1.2
@@ -1,5 +1,5 @@
---- core_net.c 2006-10-17 13:09:56.000000000 +0200
-+++ core_net.c.new 2008-06-20 14:59:42.000000000 +0200
+--- src/core_net.c 2006-10-17 13:09:56.000000000 +0200
++++ src/core_net.c.new 2008-06-20 14:59:42.000000000 +0200
@@ -845,11 +845,14 @@
i = atoi(ptr[0]);
free(ptr[0]);
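Review bot: The log message "whoops, fix patch" does not record what was wrong. In this hunk only the two file-header lines of the embedded patch change, gaining a src/ prefix, while the `@@ -845,11 +845,14 @@` body is untouched. Saying in the log that the paths were corrected to src/core_net.c would let a later reader confirm that the bounds check itself is the same as in revision 1.1.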
* [gentoo-commits] gentoo-x86 commit in net-im/tmsnc/files: tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch
@ 2009-03-01 21:01 Olivier Crete (tester)
From: Olivier Crete (tester) @ 2009-03-01 21:01 UTC
To: gentoo-commits
tester 09/03/01 21:01:47
Removed: tmsnc-UBX-buffer-overflow-CVE-2008-2828.patch
Log:
Remove net-im/tmsnc, bug #240045