New branch 'debian-wheezy' available with the following commits: commit 04dad3fde681c4381b55c24a7bfc828492834764 Author: Julien Cristau <jcris...@debian.org> Date: Mon May 13 23:32:54 2013 +0200
Upload to wheezy-security commit ca658fd3238440a73553df48e3292da071bd3635 Author: Alan Coopersmith <alan.coopersm...@oracle.com> Date: Sun Apr 14 09:07:32 2013 -0700 Sign extension issue and integer overflow in FSOpenServer() [CVE-2013-1996] > altlen = (int) *ad++; <-- if char is 0xff, will sign extend to int (0xffffffff == -1) > alts[i].name = (char *) FSmalloc(altlen + 1); <-- -1 + 1 == 0 > ... > memmove(alts[i].name, ad, altlen); <-- memory corruption Reported-by: Ilja Van Sprundel <ivansprun...@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersm...@oracle.com> Signed-off-by: Julien Cristau <jcris...@debian.org> -- To UNSUBSCRIBE, email to debian-x-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1ufaj2-0002bn...@vasks.debian.org