Author: aurel32
Date: 2015-01-31 23:11:50 +0000 (Sat, 31 Jan 2015)
New Revision: 6347

Added:
   glibc-package/trunk/debian/patches/any/cvs-getnetbyname.diff
Modified:
   glibc-package/trunk/debian/changelog
   glibc-package/trunk/debian/patches/series
Log:
debian/patches/any/cvs-getnetbyname.diff: new patch from upstream to fix
an infinite loop in getnetbyname (CVE-2014-9402). Closes: #775572.

Modified: glibc-package/trunk/debian/changelog
===================================================================
--- glibc-package/trunk/debian/changelog        2015-01-31 21:10:48 UTC (rev 
6346)
+++ glibc-package/trunk/debian/changelog        2015-01-31 23:11:50 UTC (rev 
6347)
@@ -25,6 +25,8 @@
   [ Aurelien Jarno ]
   * debian/patches/any/cvs-wordexp.diff: new patch from upstream to fix a
     command execution in wordexp() with WRDE_NOCMD specified (CVS-2014-7817).
+  * debian/patches/any/cvs-getnetbyname.diff: new patch from upstream to fix
+    an infinite loop in getnetbyname (CVE-2014-9402). Closes: #775572.
   * debian/patches/git-updates.diff: update to the latest commit of the 2.19
     branch to fix a few buffer overflow, unbounded stack allocation or memory
     leaks that have not been (yet ?) tagged as security issue. This branch
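Review bot: The context entry directly above the added lines spells its identifier "CVS-2014-7817", while the new entry uses "CVE-2014-9402". The former looks like a typo for CVE, and anything that scans the changelog for CVE ids will miss it. Since this commit already touches the neighbouring lines, correcting that entry in the same upload would be cheap.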

Added: glibc-package/trunk/debian/patches/any/cvs-getnetbyname.diff
===================================================================
--- glibc-package/trunk/debian/patches/any/cvs-getnetbyname.diff                
                (rev 0)
+++ glibc-package/trunk/debian/patches/any/cvs-getnetbyname.diff        
2015-01-31 23:11:50 UTC (rev 6347)
@@ -0,0 +1,19 @@
+2014-12-16  Florian Weimer  <[email protected]>
+
+       [BZ #17630]
+       * resolv/nss_dns/dns-network.c (getanswer_r): Iterate over alias
+       names.
+
+--- a/resolv/nss_dns/dns-network.c
++++ b/resolv/nss_dns/dns-network.c
+@@ -398,8 +398,8 @@ getanswer_r (const querybuf *answer, int anslen, struct 
netent *result,
+ 
+       case BYNAME:
+         {
+-          char **ap = result->n_aliases++;
+-          while (*ap != NULL)
++          char **ap;
++          for (ap = result->n_aliases; *ap != NULL; ++ap)
+             {
+               /* Check each alias name for being of the forms:
+                  4.3.2.1.in-addr.arpa         = net 1.2.3.4
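Review bot: The removed initialiser `char **ap = result->n_aliases++;` also advanced result->n_aliases itself, and the replacement `for (ap = result->n_aliases; *ap != NULL; ++ap)` drops that side effect, so result->n_aliases keeps pointing at the first alias when the netent is returned. The ChangeLog line only says "Iterate over alias names"; a sentence in the patch header stating that this change in the returned alias list is intended would help later readers. The loop body lies outside the context shown here, so it is also worth confirming against the full file that nothing in it still advances ap now that the for header does.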

Modified: glibc-package/trunk/debian/patches/series
===================================================================
--- glibc-package/trunk/debian/patches/series   2015-01-31 21:10:48 UTC (rev 
6346)
+++ glibc-package/trunk/debian/patches/series   2015-01-31 23:11:50 UTC (rev 
6347)
@@ -265,3 +265,4 @@
 any/local-static-dlopen-search-path.diff
 any/cvs-regex-alloca.diff
 any/cvs-wordexp.diff
+any/cvs-getnetbyname.diff

