Viewing all changes in revision 23.
- Committer: Package Import Robot
- Date: 2014-02-11 14:27:45 UTC
- Revision ID: package-import@ubuntu.com-20140211142745-8qt311nrxwe07yqt
* Fix CVE-2012-5645 and CVE-2012-6083.
- CVE-2012-5645: Added return value indicating success or failure for all
dio_get_xxx() functions, and check that value to avoid infinite loop in
reading arrays from network when there's no more data even though it's
expected.
- CVE-2012-6083: Sanity check packet length received over network against
values less than header length alone to avoid situation where body length
is considered negative.
- CVE-2012-5645: Added return value indicating success or failure for all
dio_get_xxx() functions, and check that value to avoid infinite loop in
reading arrays from network when there's no more data even though it's
expected.
- CVE-2012-6083: Sanity check packet length received over network against
values less than header length alone to avoid situation where body length
is considered negative.
- files added:
- .pc/.quilt_patches
- .pc/CVE-2012-5645.patch
- .pc/CVE-2012-5645.patch/common
- .pc/CVE-2012-6083.patch
- .pc/CVE-2012-6083.patch/common
- files modified:
- .pc/applied-patches
expand all
collapse all
added
removed
