
libfs: Changes to 'debian-wheezy'



New branch 'debian-wheezy' available with the following commits:
commit 04dad3fde681c4381b55c24a7bfc828492834764
Author: Julien Cristau <jcristau@debian.org>
Date:   Mon May 13 23:32:54 2013 +0200

    Upload to wheezy-security

commit ca658fd3238440a73553df48e3292da071bd3635
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date:   Sun Apr 14 09:07:32 2013 -0700

    Sign extension issue and integer overflow in FSOpenServer() [CVE-2013-1996]
    
    >       altlen = (int) *ad++; <-- if char is 0xff, will sign extend to int (0xffffffff == -1)
    >       alts[i].name = (char *) FSmalloc(altlen + 1); <-- -1 + 1 == 0
    > ...
    >       memmove(alts[i].name, ad, altlen); <-- memory corruption
    
    Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    Signed-off-by: Julien Cristau <jcristau@debian.org>
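
The sign extension quoted in the commit message above, reproduced as an added example in C; it is not code from libFS or from the commit. The helper names (`read_len_signed`, `read_len_unsigned`, `alloc_request`, `copy_request`, `read_name`) are hypothetical and the reply bytes are constructed. It shows the allocation and copy sizes a 0xff length byte produces, next to a reader that takes the length as unsigned and checks it against the remaining buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Length read as in the quoted lines; signed char makes the behaviour of
 * plain char on x86 explicit, so 0xff becomes -1 on every platform. */
static int read_len_signed(const char *p) { return (int) *(const signed char *) p; }

/* Length read through unsigned char: 0xff becomes 255. */
static int read_len_unsigned(const char *p) { return (int) *(const unsigned char *) p; }

/* Sizes the allocator and the copy would be asked for, given a length. */
static size_t alloc_request(int len) { return (size_t) (len + 1); }
static size_t copy_request(int len)  { return (size_t) len; }

/* Hardened reader (hypothetical helper): takes one length-prefixed name from
 * [*cur, end) and refuses a length that runs past the end of the buffer. */
static char *read_name(const char **cur, const char *end)
{
    if (*cur >= end) return NULL;
    int len = read_len_unsigned((*cur)++);
    if (len > end - *cur) return NULL;      /* declared length exceeds data */
    char *name = malloc((size_t) len + 1);
    if (name == NULL) return NULL;
    memcpy(name, *cur, (size_t) len);
    name[len] = '\0';
    *cur += len;
    return name;
}

int main(void)
{
    const char bad[]  = { '\xff', 'a' };        /* constructed reply bytes */
    const char good[] = { 3, 'f', 's', '1' };   /* constructed reply bytes */
    int len = read_len_signed(bad);
    printf("signed read: len=%d alloc=%zu copy=%zu\n",
           len, alloc_request(len), copy_request(len));
    const char *cur = bad;
    char *name = read_name(&cur, bad + sizeof bad);
    printf("hardened, bad input: %s\n", name ? "accepted" : "rejected");
    free(name);
    cur = good;
    name = read_name(&cur, good + sizeof good);
    printf("hardened, good input: %s\n", name ? name : "rejected");
    free(name);
    return 0;
}
```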
