/[smeserver]/rpms/php/sme8/php-5.3.3-CVE-2014-3587.patch
ViewVC logotype

Contents of /rpms/php/sme8/php-5.3.3-CVE-2014-3587.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph

Revision 1.1 - (show annotations) (download)
Sat Oct 18 10:16:16 2014 UTC (10 years ago) by vip-ire
Branch: MAIN
CVS Tags: php-5_3_3-17_el5_sme, php-5_3_3-16_el5_sme, HEAD 
* Sat Oct 18 2014 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-16.sme
- Resync with upstream php53, which include (see [SME: 8574])
- spl: fix use-after-free in ArrayIterator due to object
  change during sorting. CVE-2014-4698
- spl: fix use-after-free in SPL Iterators. CVE-2014-4670
- gd: fix NULL pointer dereference in gdImageCreateFromXpm.
  CVE-2014-2497
- fileinfo: fix incomplete fix for CVE-2012-1571 in
  cdf_read_property_info. CVE-2014-3587
- core: fix incomplete fix for CVE-2014-4049 DNS TXT
  record parsing. CVE-2014-3597
1 From 0641e56be1af003aa02c7c6b0184466540637233 Mon Sep 17 00:00:00 2001
2 From: Christos Zoulas <christos@zoulas.com>
3 Date: Thu, 7 Aug 2014 09:38:35 +0000
4 Subject: [PATCH] Prevent wrap around (Remi Collet at redhat)
5
6 ---
7 src/cdf.c | 6 +++++-
8 1 file changed, 5 insertions(+), 1 deletion(-)
9
10 diff --git a/src/cdf.c b/src/cdf.c
11 index 5dbf3b1..3e691f4 100644
12 --- a/ext/fileinfo/libmagic/cdf.c 2014-08-14 14:40:06.875720471 +0200
13 +++ b/ext/fileinfo/libmagic/cdf.c 2014-08-14 14:41:19.907273015 +0200
14 @@ -768,6 +768,10 @@
15 q = (const uint32_t *)(const void *)
16 ((const char *)(const void *)p + ofs
17 - 2 * sizeof(uint32_t));
18 + if (q < p) {
19 + DPRINTF(("Wrapped around %p < %p\n", q, p));
20 + goto out;
21 + }
22 if (q > e) {
23 DPRINTF(("Ran of the end %p > %p\n", q, e));
24 goto out;
25 --
26 2.0.3
27
admin@koozali.org
 ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed