New branch 'debian-wheezy' available with the following commits:
commit b6ac53aac1d2822139f0fe283ffcfd9ece27843f
Author: Julien Cristau <[email protected]>
Date: Wed May 15 21:19:38 2013 +0200
Upload to wheezy-security
commit b5ddbb414a1cdd456ab3077dc566e7c4a2835900
Author: Alan Coopersmith <[email protected]>
Date: Fri Apr 26 16:33:03 2013 -0700
integer overflow in XF86DRIGetClientDriverName() [CVE-2013-1993 2/2]
clientDriverNameLength is a CARD32 and needs to be bounds checked before
adding one to it to come up with the total size to allocate, to avoid
integer overflow leading to underallocation and writing data from the
network past the end of the allocated buffer.
Reported-by: Ilja Van Sprundel <[email protected]>
Signed-off-by: Alan Coopersmith <[email protected]>
Signed-off-by: Julien Cristau <[email protected]>
commit 7acbf13aa7d1a2a0af734a551721125ab58ac320
Author: Alan Coopersmith <[email protected]>
Date: Fri Apr 26 16:31:58 2013 -0700
integer overflow in XF86DRIOpenConnection() [CVE-2013-1993 1/2]
busIdStringLength is a CARD32 and needs to be bounds checked before adding
one to it to come up with the total size to allocate, to avoid integer
overflow leading to underallocation and writing data from the network past
the end of the allocated buffer.
Reported-by: Ilja Van Sprundel <[email protected]>
Signed-off-by: Alan Coopersmith <[email protected]>
Signed-off-by: Julien Cristau <[email protected]>
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/[email protected]
