Committer: Package Import Robot
Author(s): Markus Koschany
Date: 2014-02-11 14:27:45 UTC
Revision ID: package-import@ubuntu.com-20140211142745-8qt311nrxwe07yqt
Tags: 2.3.2-1+deb7u1

* Fix CVE-2012-5645 and CVE-2012-6083.
  - CVE-2012-5645: Added return value indicating success or failure for all
    dio_get_xxx() functions, and check that value to avoid infinite loop in
    reading arrays from network when there's no more data even though it's
    expected.
  - CVE-2012-6083: Sanity check packet length received over network against
    values less than header length alone to avoid situation where body length
    is considered negative.
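
The two checks this changelog entry describes, as an added C example that is not taken from Freeciv or from this revision: getters that return success or failure so an array loop stops when the data runs out, and a length check that rejects a declared packet length smaller than the header. The 3-byte header layout, the 0xFF array terminator and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Assumed layout (not Freeciv's): 2-byte big-endian total length, 1-byte type. */
#define HDR_LEN 3

struct reader { const uint8_t *p; size_t left; };

/* Getter reports failure instead of inventing a value when no data is left. */
static bool get_u8(struct reader *r, uint8_t *out)
{
  if (r->left < 1) return false;
  *out = *r->p++;
  r->left--;
  return true;
}

static bool get_u16(struct reader *r, uint16_t *out)
{
  uint8_t hi, lo;
  if (!get_u8(r, &hi) || !get_u8(r, &lo)) return false;
  *out = (uint16_t)((hi << 8) | lo);
  return true;
}

/* Parse one packet whose body is a 0xFF-terminated byte array (assumed format).
 * Returns the element count, or -1 for malformed input. */
int parse_packet(const uint8_t *buf, size_t n, uint8_t *dst, size_t cap)
{
  struct reader r = { buf, n };
  uint16_t total;
  uint8_t type, v;
  size_t count = 0;

  if (!get_u16(&r, &total) || !get_u8(&r, &type)) return -1;
  (void)type;
  /* Length check: a total below HDR_LEN would make the body length negative. */
  if (total < HDR_LEN || total > n) return -1;
  r.left = (size_t)total - HDR_LEN;  /* safe: total >= HDR_LEN was checked */

  for (;;) {
    if (!get_u8(&r, &v)) return -1;  /* data ended before terminator: stop */
    if (v == 0xFF) break;
    if (count == cap) return -1;     /* never write past the caller's buffer */
    dst[count++] = v;
  }
  return (int)count;
}
```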