tags 491182 + patch pending
thanks
Hi,
The following is the diff for my byacc 20070509-1.1 NMU
on its way.
Kind regards
T.
diff -u byacc-20070509/debian/changelog byacc-20070509/debian/changelog
--- byacc-20070509/debian/changelog
+++ byacc-20070509/debian/changelog
@@ -1,3 +1,11 @@
+byacc (20070509-1.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Fix stack overflow in skeleton.c with upstream patch.
+ Closes: #491182 aka CVE-2008-3196
+
+ -- Thomas Viehmann <[EMAIL PROTECTED]> Sun, 24 Aug 2008 23:13:07 +0200
+
byacc (20070509-1) unstable; urgency=low
* New upstream release
only in patch2:
unchanged:
--- byacc-20070509.orig/skeleton.c
+++ byacc-20070509/skeleton.c
@@ -21,6 +21,7 @@
"#endif",
"",
"#include <stdlib.h>",
+ "#include <string.h>",
"",
"#define YYBYACC 1",
CONCAT1("#define YYMAJOR ", YYMAJOR),
@@ -275,7 +276,10 @@
" YYPREFIX, yystate, yyn, yyrule[yyn]);",
"#endif",
" yym = yylen[yyn];",
- " yyval = yyvsp[1-yym];",
+ " if (yym)",
+ " yyval = yyvsp[1-yym];",
+ " else",
+ " memset(&yyval, 0, sizeof yyval);",
" switch (yyn)",
" {",
0
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
