jsbronder 14/06/19 19:55:00 Added: CVE-2014-0749.patch CVE-2013-4495.patch Log: Bump 2.5.13 with additional patches for CVE-2013-4495 (#491270) and CVE-2014-0749 (#510726) (Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key 4D7043C9)
Revision Changes Path
1.1 sys-cluster/torque/files/CVE-2014-0749.patch
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-cluster/torque/files/CVE-2014-0749.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-cluster/torque/files/CVE-2014-0749.patch?rev=1.1&content-type=text/plain
Index: CVE-2014-0749.patch
===================================================================
>From 3ed749263abe3d69fa3626d142a5789dcb5a5684 Mon Sep 17 00:00:00 2001
From: David Beer <[email protected]>
Date: Fri, 23 Aug 2013 15:53:09 -0600
Subject: [PATCH] Merge pull request #171 into 2.5-fixes.
---
 src/lib/Libdis/disrsi_.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/src/lib/Libdis/disrsi_.c b/src/lib/Libdis/disrsi_.c
index 69edd28..154514c 100644
--- a/src/lib/Libdis/disrsi_.c
+++ b/src/lib/Libdis/disrsi_.c
@@ -112,6 +112,15 @@ int disrsi_(
 if (dis_umaxd == 0) disiui_();
+ if (count >= dis_umaxd)
+ {
+ if (count > dis_umaxd)
+ goto overflow;
+
+ if (memcmp(scratch, dis_umax, dis_umaxd) > 0)
+ goto overflow;
+ }
+
 switch (c = (*dis_getc)(stream)) {
-- 1.8.3.2
1.1 sys-cluster/torque/files/CVE-2013-4495.patch
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-cluster/torque/files/CVE-2013-4495.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-cluster/torque/files/CVE-2013-4495.patch?rev=1.1&content-type=text/plain
Index: CVE-2013-4495.patch
===================================================================
>From 8246d967bbcf174482ef01b1bf4920a5944b1011 Mon Sep 17 00:00:00 2001
From: David Beer <[email protected]>
Date: Wed, 13 Nov 2013 10:47:48 -0700
Subject: [PATCH] Use Michael Jenning's patch for CVE 2013-4495 instead of the original. This one is being used because 2.5 should face the minimal possible change.
---
 src/server/svr_mail.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/server/svr_mail.c b/src/server/svr_mail.c
index 26b6dd7..241bdfc 100644
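Review bot: In the `disrsi_.c` hunk, `memcmp(scratch, dis_umax, dis_umaxd)` now runs before the `(*dis_getc)(stream)` read, so unless `scratch` is populated above the hunk it compares a buffer that holds no digits from the stream yet, and the only test that can actually fire at this point is `count > dis_umaxd`. If that is the intent, a comment such as `/* count is checked before any read so an oversized digit count never reaches scratch */` would keep a later reader from assuming the digit comparison is effective here. The guard also protects `scratch` only if its capacity is at least `dis_umaxd`; neither declaration is visible, so an explicit bound tying `count` to the size of `scratch` would make that dependency checkable. The body of `disrsi_` starts and ends outside the hunk.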
--- a/src/server/svr_mail.c
+++ b/src/server/svr_mail.c
@@ -372,11 +372,9 @@ void svr_mailowner(
 exit(1); }
- sprintf(cmdbuf, "%s -f %s %s",
-
+ sprintf(cmdbuf, "%s -t -f %s",
 SENDMAIL_CMD,
- mailfrom,
- mailto);
+ mailfrom);
 outmail = (FILE *)popen(cmdbuf, "w");
-- 1.8.3.2
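Review bot: The new `sprintf(cmdbuf, "%s -t -f %s", ...)` in `svr_mail.c` is still unbounded, and its fixed text grew by three characters (` -t`) while `mailto` dropped out, so the size computed for `cmdbuf` above the hunk (not visible here) needs re-checking; if it still relies on the length of `mailto`, a very short recipient could leave the buffer too small. A bounded call such as `snprintf(cmdbuf, CMDBUF_SIZE_PLACEHOLDER, "%s -t -f %s", SENDMAIL_CMD, mailfrom);` followed by a truncation check would make the limit explicit. `mailfrom` also still reaches a shell through `popen(cmdbuf, "w")`, so it should be validated or quoted wherever it is set. With `-t` the recipient is taken from the message headers, so `mailto` must not be able to carry line breaks into them when the headers are written. `svr_mailowner` starts and ends outside the hunk.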
