rpms/linuxdcpp/F-9 linuxdcpp-CVE-2008-2953.patch, NONE, 1.1 linuxdcpp-CVE-2008-2954.patch, NONE, 1.1 linuxdcpp.spec, 1.5, 1.6
Marcin Garski (mgarski)
fedora-extras-commits at redhat.com
Wed Jul 2 11:50:33 UTC 2008
Author: mgarski
Update of /cvs/pkgs/rpms/linuxdcpp/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23973
Modified Files:
linuxdcpp.spec
Added Files:
linuxdcpp-CVE-2008-2953.patch linuxdcpp-CVE-2008-2954.patch
Log Message:
- Fix for CVE-2008-2953 and CVE-2008-2954 (#453731)
linuxdcpp-CVE-2008-2953.patch:
--- NEW FILE linuxdcpp-CVE-2008-2953.patch ---
--- linuxdcpp-1.0.1/client/ShareManager.cpp 2007-10-06 02:12:32.000000000 +0200
+++ linuxdcpp-1.0.1/client/ShareManager.cpp.CVE-2008-2953 2008-07-02 13:24:03.000000000 +0200
@@ -926,6 +926,10 @@
}
j = i + 1;
}
+
+ if(it == directories.end())
+ return NULL;
+
for(ShareManager::Directory::MapIter it2 = it->second->directories.begin(); it2 != it->second->directories.end(); ++it2) {
it2->second->toXml(sos, indent, tmp, recurse);
}
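Review bot: The added `return NULL;` after the path-walk loop introduces a null result for an unresolved path, and neither the function signature nor its callers are in the hunk, so each caller should be checked for a null test before it uses the returned object. The guard is placed before the `it->second` dereference in the `for` loop that follows, which is the dereference it needs to protect. If the loop above (outside the hunk) can reassign `it` to an iterator taken from a nested `directories` map, comparing it with the top-level `directories.end()` mixes iterators from two containers, which the standard leaves undefined; this is worth confirming against the full function. A one-line comment would record the intent: `// no share directory matched the requested path; 'it' is still end() and must not be dereferenced`.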
linuxdcpp-CVE-2008-2954.patch:
--- NEW FILE linuxdcpp-CVE-2008-2954.patch ---
--- linuxdcpp-1.0.1/client/NmdcHub.cpp 2007-11-05 06:33:42.000000000 +0100
+++ linuxdcpp-1.0.1/client/NmdcHub.cpp.CVE-2008-2954 2008-07-02 13:24:18.000000000 +0200
@@ -693,10 +693,14 @@
if(fromNick.empty())
return;
+ if(param.size() < j + 2) {
+ return;
+ }
+ string msg = param.substr(j + 2);
+
OnlineUser* replyTo = findUser(rtNick);
OnlineUser* from = findUser(fromNick);
- string msg = param.substr(j + 2);
if(replyTo == NULL || from == NULL) {
if(replyTo == 0) {
// Assume it's from the hub
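Review bot: The new guard `param.size() < j + 2` still admits `param.size() == j + 2`, so `msg` can be an empty string. `substr` is safe in that case, but the code that consumes `msg` is outside the hunk; confirm that it tolerates an empty message, or use `if(param.size() <= j + 2)` if empty private messages should be dropped. The guard also depends on `j` being a valid index: its assignment is not visible here, and if `j` could be `string::npos` then `j + 2` would wrap around to 1 and the test would pass. A comment stating the reason would help, for example `// reject truncated input: substr() throws std::out_of_range when pos > size()`.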
Index: linuxdcpp.spec
===================================================================
RCS file: /cvs/pkgs/rpms/linuxdcpp/F-9/linuxdcpp.spec,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- linuxdcpp.spec 13 Feb 2008 18:37:29 -0000 1.5
+++ linuxdcpp.spec 2 Jul 2008 11:49:43 -0000 1.6
@@ -1,6 +1,6 @@
Name: linuxdcpp
Version: 1.0.1
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: Direct Connect client
Group: Applications/Internet
@@ -11,6 +11,8 @@
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Patch0: linuxdcpp-1.0.1-gcc43-compile-fix.patch
+Patch1: linuxdcpp-CVE-2008-2953.patch
+Patch2: linuxdcpp-CVE-2008-2954.patch
BuildRequires: scons gtk2-devel >= 2.6.0 glib2-devel >= 2.4.0 pkgconfig
BuildRequires: libglade2-devel >= 2.4.0 zlib-devel bzip2-devel openssl-devel
@@ -23,6 +25,8 @@
%setup -q -c
%patch0 -p1
+%patch1 -p1
+%patch2 -p1
%build
CXXFLAGS="$RPM_OPT_FLAGS" scons %{?_smp_mflags} PREFIX="%{_prefix}"
@@ -65,6 +69,9 @@
%{_datadir}/pixmaps/linuxdcpp.png
%changelog
+* Wed Jul 02 2008 Marcin Garski <mgarski[AT]post.pl> 1.0.1-3
+- Fix for CVE-2008-2953 and CVE-2008-2954 (#453731)
+
* Wed Feb 13 2008 Marcin Garski <mgarski[AT]post.pl> 1.0.1-2
- GCC 4.3 compile fix