r6363 - in glibc-package/branches/glibc-branch-wheezy/debian: . patches patches/any
Author: aurel32
Date: 2015-02-11 22:18:35 +0000 (Wed, 11 Feb 2015)
New Revision: 6363
Added:
glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-getnetbyname.diff
Modified:
glibc-package/branches/glibc-branch-wheezy/debian/changelog
glibc-package/branches/glibc-branch-wheezy/debian/patches/series
Log:
debian/patches/any/cvs-getnetbyname.diff: new patch from upstream to fix
an infinite loop in getnetbyname (CVE-2014-9402). Closes: #775572.
Modified: glibc-package/branches/glibc-branch-wheezy/debian/changelog
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/changelog 2015-02-11 22:16:48 UTC (rev 6362)
+++ glibc-package/branches/glibc-branch-wheezy/debian/changelog 2015-02-11 22:18:35 UTC (rev 6363)
@@ -8,6 +8,8 @@
* debian/patches/any/cvs-posix_spawn_file_actions_addopen.diff: new patch
from upstream to fix a vulnerability in posix_spawn_file_actions_addopen
(CVE-2014-4043). Closes: #751774.
+ * debian/patches/any/cvs-getnetbyname.diff: new patch from upstream to fix
+ an infinite loop in getnetbyname (CVE-2014-9402). Closes: #775572.
-- Aurelien Jarno <aurel32@debian.org> Wed, 11 Feb 2015 21:54:57 +0100
Added: glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-getnetbyname.diff
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-getnetbyname.diff (rev 0)
+++ glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-getnetbyname.diff 2015-02-11 22:18:35 UTC (rev 6363)
@@ -0,0 +1,19 @@
+2014-12-16 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #17630]
+ * resolv/nss_dns/dns-network.c (getanswer_r): Iterate over alias
+ names.
+
+--- a/resolv/nss_dns/dns-network.c
++++ b/resolv/nss_dns/dns-network.c
+@@ -398,8 +398,8 @@ getanswer_r (const querybuf *answer, int anslen, struct netent *result,
+
+ case BYNAME:
+ {
+- char **ap = result->n_aliases++;
+- while (*ap != NULL)
++ char **ap;
++ for (ap = result->n_aliases; *ap != NULL; ++ap)
+ {
+ /* Check each alias name for being of the forms:
+ 4.3.2.1.in-addr.arpa = net 1.2.3.4
Modified: glibc-package/branches/glibc-branch-wheezy/debian/patches/series
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/patches/series 2015-02-11 22:16:48 UTC (rev 6362)
+++ glibc-package/branches/glibc-branch-wheezy/debian/patches/series 2015-02-11 22:18:35 UTC (rev 6363)
@@ -401,3 +401,4 @@
any/cvs-wscanf.diff
any/cvs-vfprintf.diff
any/cvs-posix_spawn_file_actions_addopen.diff
+any/cvs-getnetbyname.diff
Reply to: