Hello community, here is the log from the commit of package gnutls for openSUSE:11.4 checked in at Tue Jan 24 15:38:10 CET 2012.
-------- --- old-versions/11.4/all/gnutls/gnutls.changes 2010-04-24 13:52:05.000000000 +0200 +++ 11.4/gnutls/gnutls.changes 2011-11-14 09:28:23.000000000 +0100 @@ -1,0 +2,6 @@ +Mon Nov 14 08:26:48 UTC 2011 - [email protected] + +- fix Bug 729486 - VUL-1: CVE-2011-4128: gnutls: buffer overflow + CVE-2011-4128 + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.4/all/gnutls Destination is old-versions/11.4/UPDATES/all/gnutls calling whatdependson for 11.4-i586 New: ---- CVE-2011-4128.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gnutls.spec ++++++ --- /var/tmp/diff_new_pack.hJ3fng/_old 2012-01-24 15:37:48.000000000 +0100 +++ /var/tmp/diff_new_pack.hJ3fng/_new 2012-01-24 15:37:48.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package gnutls (Version 2.8.6) +# spec file for package gnutls # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,12 +21,13 @@ Name: gnutls BuildRequires: gcc-c++ libgcrypt-devel libopencdk-devel libtasn1-devel pkg-config Version: 2.8.6 -Release: 1 +Release: 5.<RELEASE6> License: LGPLv2.1+ BuildRoot: %{_tmppath}/%{name}-%{version}-build Url: http://www.gnutls.org/ Source0: %name-%version.tar.bz2 Source1: baselibs.conf +Patch1: CVE-2011-4128.patch Summary: The GNU Transport Layer Security Library Group: Productivity/Networking/Security AutoReqProv: on 
@@ -137,7 +138,7 @@ %prep %setup -q -#%patch1 -p1 +%patch1 -p1 #%patch2 -p1 %build ++++++ CVE-2011-4128.patch ++++++ Index: gnutls-2.8.6/lib/gnutls_session.c =================================================================== --- gnutls-2.8.6.orig/lib/gnutls_session.c +++ gnutls-2.8.6/lib/gnutls_session.c @@ -64,13 +64,14 @@ gnutls_session_get_data (gnutls_session_ gnutls_assert (); return ret; } - *session_data_size = psession.size; if (psession.size > *session_data_size) { + *session_data_size = psession.size; ret = GNUTLS_E_SHORT_MEMORY_BUFFER; goto error; } + *session_data_size = psession.size; if (session_data != NULL) memcpy (session_data, psession.data, psession.size);
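Review bot: In the gnutls_session_get_data hunk of CVE-2011-4128.patch, the comparison `psession.size > *session_data_size` runs before the `session_data != NULL` test, so `*session_data_size` is read as an input even when the caller passes a NULL buffer only to learn the required length. A caller that leaves the size uninitialized for such a query will get either success or GNUTLS_E_SHORT_MEMORY_BUFFER depending on whatever value happens to be there. Moving the assignment below the check is the right fix for the overflow, since the old order overwrote the caller's capacity before comparing against it and the branch could never be taken. Suggest adding a comment or API note that `*session_data_size` must hold the buffer capacity on entry and holds the required size on GNUTLS_E_SHORT_MEMORY_BUFFER, or handling the `session_data == NULL` query case before the comparison.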
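Review bot: The gnutls.changes hunk names CVE-2011-4128 twice but does not say what was changed. Suggest replacing the repeated `+ CVE-2011-4128` continuation line with a short description of the fix, for example that gnutls_session_get_data now checks the caller's buffer size before copying, so the entry is useful to someone reading the changelog without the patch in front of them.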
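Review bot: In the %prep hunk of gnutls.spec, the context line `#%patch2 -p1` stays commented out while `%patch1 -p1` is enabled, and the preamble hunk adds only `Patch1:`, with no `Patch2:` tag visible. Suggest dropping the dead `#%patch2 -p1` line in the same change, or escaping it as `#%%patch2 -p1` if it has to stay as a note, so the %prep section lists only patches that are actually declared and applied.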
