Revision: 6966
          http://ipcop.svn.sourceforge.net/ipcop/?rev=6966&view=rev
Author:   gespinasse
Date:     2013-03-16 06:12:29 +0000 (Sat, 16 Mar 2013)
Log Message:
-----------
Fix CVE-2012-5134 using upstream patch

Modified Paths:
--------------
    ipcop/trunk/lfs/libxml2

Added Paths:
-----------
    ipcop/trunk/src/patches/libxml2-2.9.0_CVE-2012-5134.patch

Modified: ipcop/trunk/lfs/libxml2
===================================================================
--- ipcop/trunk/lfs/libxml2     2013-03-16 06:07:46 UTC (rev 6965)
+++ ipcop/trunk/lfs/libxml2     2013-03-16 06:12:29 UTC (rev 6966)
@@ -86,6 +86,7 @@
 $(TARGET) : $(firstword $(MAKEFILE_LIST)) $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+       cd $(DIR_APP) && patch -p1 -i 
$(DIR_PATCHES)/$(THISAPP)_CVE-2012-5134.patch
 
        # --docdir does nothing on 2.7.8
        # --with-minimum is broken on 2.7.8, not on 2.7.7 but hard to know what 
to test
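Review bot: The patch applied on the added `patch -p1 -i` line is not listed among the prerequisites of `$(TARGET)`, which in the visible rule header are only the lfs makefile and the downloaded `$(objects)`. This revision rebuilds because the makefile itself changed, but as far as this hunk shows, a later correction to the patch file alone would leave an already-built libxml2 without it. I would append `$(DIR_PATCHES)/$(THISAPP)_CVE-2012-5134.patch` to the prerequisite list. I would also add a comment above the patch line, `# CVE-2012-5134: out-of-bounds access in xmlParseAttValueComplex (upstream 6a36fbe3)`, so the reason survives a version bump. The recipe continues past the end of the hunk.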

Added: ipcop/trunk/src/patches/libxml2-2.9.0_CVE-2012-5134.patch
===================================================================
--- ipcop/trunk/src/patches/libxml2-2.9.0_CVE-2012-5134.patch                   
        (rev 0)
+++ ipcop/trunk/src/patches/libxml2-2.9.0_CVE-2012-5134.patch   2013-03-16 
06:12:29 UTC (rev 6966)
@@ -0,0 +1,19 @@
+commit 6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d
+Author: Daniel Veillard <veill...@redhat.com>
+Date:   Mon Oct 29 10:39:55 2012 +0800
+
+    Fix potential out of bound access
+
+diff --git a/parser.c b/parser.c
+index 0d8d7f2..bd634e9 100644
+--- a/parser.c
++++ b/parser.c
+@@ -4076,7 +4076,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr ctxt, int 
*attlen, int normalize) {
+         goto error;
+ 
+     if ((in_space) && (normalize)) {
+-        while (buf[len - 1] == 0x20) len--;
++        while ((len > 0) && (buf[len - 1] == 0x20)) len--;
+     }
+     buf[len] = 0;
+     if (RAW == '<') {
