/[smeserver]/rpms/php/sme8/php-5.3.3-CVE-2014-3480.patch
ViewVC logotype

Annotation of /rpms/php/sme8/php-5.3.3-CVE-2014-3480.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph

Revision 1.1 - (hide annotations) (download)
Thu Aug 7 07:05:52 2014 UTC (9 years, 10 months ago) by vip-ire
Branch: MAIN
CVS Tags: php-5_3_3-17_el5_sme, php-5_3_3-15_el5_sme, php-5_3_3-16_el5_sme, HEAD 
* Thu Aug 7 2014 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-15.sme
- Resync with upstream php53, which include (see [SME: 8515])
- core: type confusion issue in phpinfo(). CVE-2014-4721
- date: fix heap-based buffer over-read in DateInterval. CVE-2013-6712
- core: fix heap-based buffer overflow in DNS TXT record parsing.
  CVE-2014-4049
- core: unserialize() SPL ArrayObject / SPLObjectStorage type
  confusion flaw. CVE-2014-3515
- fileinfo: out-of-bounds memory access in fileinfo. CVE-2014-2270
- fileinfo: unrestricted recursion in handling of indirect type
  rules. CVE-2014-1943
- fileinfo: out of bounds read in CDF parser. CVE-2012-1571
- fileinfo: cdf_check_stream_offset boundary check. CVE-2014-3479
- fileinfo: cdf_count_chain insufficient boundary check. CVE-2014-3480
- fileinfo: cdf_unpack_summary_info() excessive looping
  DoS. CVE-2014-0237
- fileinfo: CDF property info parsing nelements infinite
  loop. CVE-2014-0238
1 vip-ire 1.1 From 40bade80cbe2af1d0b2cd0420cebd5d5905a2382 Mon Sep 17 00:00:00 2001
2     From: Christos Zoulas <christos@zoulas.com>
3     Date: Wed, 4 Jun 2014 17:23:19 +0000
4     Subject: [PATCH] Fix incorrect bounds check for sector count. (Francisco
5     Alonso and Jan Kaluza at RedHat)
6    
7     ---
8     src/cdf.c | 9 +++++----
9     1 file changed, 5 insertions(+), 4 deletions(-)
10    
11     diff --git a/src/cdf.c b/src/cdf.c
12     index 375406c..6652581 100644
13     --- a/ext/fileinfo/libmagic/cdf.c
14     +++ b/ext/fileinfo/libmagic/cdf.c
15     @@ -455,7 +455,8 @@ size_t
16     cdf_count_chain(const cdf_sat_t *sat, cdf_secid_t sid, size_t size)
17     {
18     size_t i, j;
19     - cdf_secid_t maxsector = (cdf_secid_t)(sat->sat_len * size);
20     + cdf_secid_t maxsector = (cdf_secid_t)((sat->sat_len * size)
21     + / sizeof(maxsector));
22    
23     DPRINTF(("Chain:"));
24     for (j = i = 0; sid >= 0; i++, j++) {
25     @@ -465,8 +466,8 @@ cdf_count_chain(const cdf_sat_t *sat, cdf_secid_t sid, size_t size)
26     errno = EFTYPE;
27     return (size_t)-1;
28     }
29     - if (sid > maxsector) {
30     - DPRINTF(("Sector %d > %d\n", sid, maxsector));
31     + if (sid >= maxsector) {
32     + DPRINTF(("Sector %d >= %d\n", sid, maxsector));
33     errno = EFTYPE;
34     return (size_t)-1;
35     }
36     --
37     1.9.3
38    
admin@koozali.org
 ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed