New branch 'debian-wheezy' available with the following commits:
commit 04dad3fde681c4381b55c24a7bfc828492834764
Author: Julien Cristau <[email protected]>
Date: Mon May 13 23:32:54 2013 +0200
Upload to wheezy-security
commit ca658fd3238440a73553df48e3292da071bd3635
Author: Alan Coopersmith <[email protected]>
Date: Sun Apr 14 09:07:32 2013 -0700
Sign extension issue and integer overflow in FSOpenServer() [CVE-2013-1996]
> altlen = (int) *ad++; <-- if char is 0xff, will sign extend to int
(0xffffffff == -1)
> alts[i].name = (char *) FSmalloc(altlen + 1); <-- -1 + 1 == 0
> ...
> memmove(alts[i].name, ad, altlen); <-- memory corruption
Reported-by: Ilja Van Sprundel <[email protected]>
Signed-off-by: Alan Coopersmith <[email protected]>
Signed-off-by: Julien Cristau <[email protected]>
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/[email protected]
