/[smeserver]/rpms/php/sme8/php-5.3.3-CVE-2014-3587.patch
ViewVC logotype

Annotation of /rpms/php/sme8/php-5.3.3-CVE-2014-3587.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Sat Oct 18 10:16:16 2014 UTC (10 years, 1 month ago) by vip-ire
Branch: MAIN
CVS Tags: php-5_3_3-17_el5_sme, php-5_3_3-16_el5_sme, HEAD
* Sat Oct 18 2014 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-16.sme
- Resync with upstream php53, which include (see [SME: 8574])
- spl: fix use-after-free in ArrayIterator due to object
  change during sorting. CVE-2014-4698
- spl: fix use-after-free in SPL Iterators. CVE-2014-4670
- gd: fix NULL pointer dereference in gdImageCreateFromXpm.
  CVE-2014-2497
- fileinfo: fix incomplete fix for CVE-2012-1571 in
  cdf_read_property_info. CVE-2014-3587
- core: fix incomplete fix for CVE-2014-4049 DNS TXT
  record parsing. CVE-2014-3597

1 vip-ire 1.1 From 0641e56be1af003aa02c7c6b0184466540637233 Mon Sep 17 00:00:00 2001
2     From: Christos Zoulas <christos@zoulas.com>
3     Date: Thu, 7 Aug 2014 09:38:35 +0000
4     Subject: [PATCH] Prevent wrap around (Remi Collet at redhat)
5    
6     ---
7     src/cdf.c | 6 +++++-
8     1 file changed, 5 insertions(+), 1 deletion(-)
9    
10     diff --git a/src/cdf.c b/src/cdf.c
11     index 5dbf3b1..3e691f4 100644
12     --- a/ext/fileinfo/libmagic/cdf.c 2014-08-14 14:40:06.875720471 +0200
13     +++ b/ext/fileinfo/libmagic/cdf.c 2014-08-14 14:41:19.907273015 +0200
14     @@ -768,6 +768,10 @@
15     q = (const uint32_t *)(const void *)
16     ((const char *)(const void *)p + ofs
17     - 2 * sizeof(uint32_t));
18     + if (q < p) {
19     + DPRINTF(("Wrapped around %p < %p\n", q, p));
20     + goto out;
21     + }
22     if (q > e) {
23     DPRINTF(("Ran of the end %p > %p\n", q, e));
24     goto out;
25     --
26     2.0.3
27    

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed