r6363 - in glibc-package/branches/glibc-branch-wheezy/debian: . patches patches/any

To: debian-glibc@lists.debian.org
Subject: r6363 - in glibc-package/branches/glibc-branch-wheezy/debian: . patches patches/any
From: Aurelien Jarno <aurel32@moszumanska.debian.org>
Date: Wed, 11 Feb 2015 22:18:35 +0000
Message-id: <[🔎] E1YLfcB-0008CI-Cg@moszumanska.debian.org>

Author: aurel32
Date: 2015-02-11 22:18:35 +0000 (Wed, 11 Feb 2015)
New Revision: 6363

Added:
   glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-getnetbyname.diff
Modified:
   glibc-package/branches/glibc-branch-wheezy/debian/changelog
   glibc-package/branches/glibc-branch-wheezy/debian/patches/series
Log:
debian/patches/any/cvs-getnetbyname.diff: new patch from upstream to fix
an infinite loop in getnetbyname (CVE-2014-9402). Closes: #775572.

Modified: glibc-package/branches/glibc-branch-wheezy/debian/changelog
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/changelog	2015-02-11 22:16:48 UTC (rev 6362)
+++ glibc-package/branches/glibc-branch-wheezy/debian/changelog	2015-02-11 22:18:35 UTC (rev 6363)
@@ -8,6 +8,8 @@
   * debian/patches/any/cvs-posix_spawn_file_actions_addopen.diff: new patch
     from upstream to fix a vulnerability in posix_spawn_file_actions_addopen
     (CVE-2014-4043). Closes: #751774.
+  * debian/patches/any/cvs-getnetbyname.diff: new patch from upstream to fix
+    an infinite loop in getnetbyname (CVE-2014-9402). Closes: #775572.
 
  -- Aurelien Jarno <aurel32@debian.org>  Wed, 11 Feb 2015 21:54:57 +0100
 

Added: glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-getnetbyname.diff
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-getnetbyname.diff	                        (rev 0)
+++ glibc-package/branches/glibc-branch-wheezy/debian/patches/any/cvs-getnetbyname.diff	2015-02-11 22:18:35 UTC (rev 6363)
@@ -0,0 +1,19 @@
+2014-12-16  Florian Weimer  <fweimer@redhat.com>
+
+	[BZ #17630]
+	* resolv/nss_dns/dns-network.c (getanswer_r): Iterate over alias
+	names.
+
+--- a/resolv/nss_dns/dns-network.c
++++ b/resolv/nss_dns/dns-network.c
+@@ -398,8 +398,8 @@ getanswer_r (const querybuf *answer, int anslen, struct netent *result,
+ 
+ 	case BYNAME:
+ 	  {
+-	    char **ap = result->n_aliases++;
+-	    while (*ap != NULL)
++	    char **ap;
++	    for (ap = result->n_aliases; *ap != NULL; ++ap)
+ 	      {
+ 		/* Check each alias name for being of the forms:
+ 		   4.3.2.1.in-addr.arpa		= net 1.2.3.4

Modified: glibc-package/branches/glibc-branch-wheezy/debian/patches/series
===================================================================
--- glibc-package/branches/glibc-branch-wheezy/debian/patches/series	2015-02-11 22:16:48 UTC (rev 6362)
+++ glibc-package/branches/glibc-branch-wheezy/debian/patches/series	2015-02-11 22:18:35 UTC (rev 6363)
@@ -401,3 +401,4 @@
 any/cvs-wscanf.diff
 any/cvs-vfprintf.diff
 any/cvs-posix_spawn_file_actions_addopen.diff
+any/cvs-getnetbyname.diff

Reply to:

Prev by Date: r6362 - in glibc-package/branches/glibc-branch-wheezy/debian: . patches patches/any
Next by Date: r6364 - in glibc-package/branches/glibc-branch-wheezy/debian: . patches patches/any
Previous by thread: r6362 - in glibc-package/branches/glibc-branch-wheezy/debian: . patches patches/any
Next by thread: r6364 - in glibc-package/branches/glibc-branch-wheezy/debian: . patches patches/any
Index(es):
- Date
- Thread