Hello community, here is the log from the commit of package firebird for openSUSE:Factory checked in at 2013-03-08 21:03:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/firebird (Old) and /work/SRC/openSUSE:Factory/.firebird.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "firebird", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/firebird/firebird-classic.changes 2012-11-12 16:04:50.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.firebird.new/firebird-classic.changes 2013-03-08 21:03:50.000000000 +0100 @@ -1,0 +2,11 @@ +Fri Mar 8 13:40:32 UTC 2013 - [email protected] + +- firebird-CORE-4058.patch: + fix remote stack overflow (bnc#808268, CVE-2013-2492) + +------------------------------------------------------------------- +Fri Jan 25 15:32:09 UTC 2013 - [email protected] + +- fix license string + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/firebird/firebird.changes 2013-01-29 13:26:49.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.firebird.new/firebird.changes 2013-03-08 21:03:50.000000000 +0100 @@ -1,0 +2,6 @@ +Fri Mar 8 13:40:32 UTC 2013 - [email protected] + +- firebird-CORE-4058.patch: + fix remote stack overflow (bnc#808268, CVE-2013-2492) + +------------------------------------------------------------------- New: ---- firebird-2.5.2-CORE-4058.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ firebird-classic.spec ++++++ --- /var/tmp/diff_new_pack.XOrTcQ/_old 2013-03-08 21:03:52.000000000 +0100 +++ /var/tmp/diff_new_pack.XOrTcQ/_new 2013-03-08 21:03:52.000000000 +0100 @@ -54,9 +54,10 @@ Patch8: %{bname}-2.5.2-runlevel.patch Patch9: ppc64-libdir.patch Patch10: %{bname}-2.5.2-icu49.patch -Patch11: %{bname}-2.5.2-isqlalign.patch -Patch12: %{bname}-2.5.2-isqllocale.patch -Patch13: %{bname}-2.5.2-isqlwidth.patch +Patch11: %{bname}-2.5.2-CORE-4058.patch +Patch21: %{bname}-2.5.2-isqlalign.patch +Patch22: %{bname}-2.5.2-isqllocale.patch +Patch23: %{bname}-2.5.2-isqlwidth.patch %description Classic architecture binaries for Firebird SQL server. These can be used @@ -83,8 +84,9 @@ %patch9 -p1 %patch10 -p1 %patch11 -p1 -%patch12 -p1 -%patch13 -p1 +%patch21 -p1 +%patch22 -p1 +%patch23 -p1 %build ./autogen.sh --prefix=%{_prefix} \ ++++++ firebird.spec ++++++ --- /var/tmp/diff_new_pack.XOrTcQ/_old 2013-03-08 21:03:52.000000000 +0100 +++ /var/tmp/diff_new_pack.XOrTcQ/_new 2013-03-08 21:03:52.000000000 +0100 @@ -53,9 +53,10 @@ Patch8: %{name}-2.5.2-runlevel.patch Patch9: ppc64-libdir.patch Patch10: %{name}-2.5.2-icu49.patch -Patch11: %{name}-2.5.2-isqlalign.patch -Patch12: %{name}-2.5.2-isqllocale.patch -Patch13: %{name}-2.5.2-isqlwidth.patch +Patch11: %{name}-2.5.2-CORE-4058.patch +Patch21: %{name}-2.5.2-isqlalign.patch +Patch22: %{name}-2.5.2-isqllocale.patch +Patch23: %{name}-2.5.2-isqlwidth.patch %description Firebird is a relational database offering many ANSI SQL standard @@ -77,8 +78,9 @@ %patch9 -p1 %patch10 -p1 %patch11 -p1 -%patch12 -p1 -%patch13 -p1 +%patch21 -p1 +%patch22 -p1 +%patch23 -p1 %build ./autogen.sh --prefix=%{_prefix} \ ++++++ firebird-2.5.2-CORE-4058.patch ++++++ >From 05ab6dfc94476837030936ac0fc822029f761c6f Mon Sep 17 00:00:00 2001 From: alexpeshkoff <alexpeshkoff@65644016-39b1-43b1-bf79-96bc8fe82c15> Date: Wed, 6 Mar 2013 11:33:08 +0000 Subject: [PATCH] Fixed CORE-4058 git-svn-id: svn+ssh://svn.code.sf.net/p/firebird/code/firebird/branches/B2_5_Release@57728 65644016-39b1-43b1-bf79-96bc8fe82c15 --- src/remote/inet.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/remote/inet.cpp b/src/remote/inet.cpp index ba69ae4..0aef49e 100644 --- a/src/remote/inet.cpp +++ b/src/remote/inet.cpp @@ -1252,7 +1252,7 @@ static bool accept_connection(rem_port* port, const P_CNCT* cnct) case CNCT_group: { const size_t length = id.getClumpLength(); - if (length != 0) + if (length <= sizeof(eff_gid) && length > 0) { eff_gid = 0; memcpy(&eff_gid, id.getBytes(), length); -- 1.7.10.4 -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
