[nut/el5] fix heap-based buffer overflow due to improper processing of non-printable characters in random network

Michal Hlavinka mhlavink at fedoraproject.org
Thu May 31 13:26:37 UTC 2012


commit 53106a027a403cc6939218a2da3098ddb2b5dd95
Author: Michal Hlavinka <mhlavink at redhat.com>
Date:   Thu May 31 15:25:08 2012 +0200

    fix heap-based buffer overflow due to improper processing of non-printable characters in random network data (CVE-2012-2944)

 nut.spec |   10 ++++++----
 1 files changed, 6 insertions(+), 4 deletions(-)
---
diff --git a/nut.spec b/nut.spec
index 741811f..ed00286 100644
--- a/nut.spec
+++ b/nut.spec
@@ -9,7 +9,7 @@
 Summary: Network UPS Tools
 Name: nut
 Version: 2.2.2
-Release: 2%{?dist}
+Release: 3%{?dist}
 Group: Applications/System
 License: GPLv2+
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -29,6 +29,7 @@ Patch5: nut-2.2.0-trippliteusb_476850.patch
 Patch6: nut-2.4.3-portcrash.patch
 
 Patch7: nut-2.2.2-oldglib2.patch
+Patch8: nut-2.6.3-cve-2012-2944.patch
 
 Requires: nut-client => 2.0.0 hal dbus-glib shadow-utils
 Requires(post): fileutils chkconfig /sbin/service
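Review bot: The new `Patch8: nut-2.6.3-cve-2012-2944.patch` line references a file that this commit does not add. The diffstat lists only nut.spec (1 file changed), so unless the patch file was committed separately, the build will fail at source lookup. Please include nut-2.6.3-cve-2012-2944.patch in the same commit so the security fix and its spec reference land together.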
@@ -100,6 +101,7 @@ necessary to develop NUT client applications.
 %patch5 -p1 -b .trippliteusb_476850
 %patch6 -p1 -b .portcrash
 %patch7 -p1 -b .oldglib2
+%patch8 -p1 -b .cve-2012-2944
 
 %build
 %configure \
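Review bot: On the added `%patch8 -p1 -b .cve-2012-2944` line, the patch name says it was written against 2.6.3 while this spec builds Version 2.2.2. Please confirm it applies cleanly to the 2.2.2 tree with the earlier patches already in place, and that it actually touches the code path behind CVE-2012-2944 in this older source. If it had to be rebased for 2.2.2, renaming it to match the base version would avoid confusion.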
@@ -314,11 +316,11 @@ udevadm control --reload ||:
 %{_libdir}/pkgconfig/libupsclient.pc
 
 %changelog
-* Thu May 31 2012 Michal Hlavinka <mhlavink at redhat.com> - 2.2.2-2
+* Thu May 31 2012 Michal Hlavinka <mhlavink at redhat.com> - 2.2.2-3
 - fix heap-based buffer overflow due improper processing of non-printable 
   characters in random network data (CVE-2012-2944)
 
-* Mon Apr 30 2012 Michal Hlavinka <mhlavink at redhat.com> 2.2.2-1
+* Mon Apr 30 2012 Michal Hlavinka <mhlavink at redhat.com> 2.2.2-2
 - reload udev rules after instalation
 
 * Wed Mar 23 2011 Michal Hlavinka <mhlavink at redhat.com> 2.2.2-1
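Review bot: The two changelog headers here are renumbered in place rather than a new entry being added, and the CVE-2012-2944 text under the May 31 entry is unchanged context. That means the previous spec revision already carried this changelog text under 2.2.2-2 without the Patch8 lines. Please confirm no 2.2.2-2 build was published claiming the fix. As a minor style point, the Apr 30 header lacks the " - " separator before the version that the May 31 header uses.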
@@ -624,7 +626,7 @@ udevadm control --reload ||:
 - applied an improved patch to deal with the 
   bestups string length issue.
 
-* Sat Dec 11 1999 <bo-rpm at vircio.com> (0.42.1-1)
+* Sat Dec 11 1999 <bo-rpm at vircio.com> (0.42.1-2)
 - fixed string length in bestups.c line 279.
 
 * Sat Dec 11 1999 <bo-rpm at vircio.com> (0.42.1-1)
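Review bot: The change of the 1999 entry from (0.42.1-1) to (0.42.1-2) is unrelated to the CVE fix and is not mentioned in the commit message. If it is meant to de-duplicate the two identical "Sat Dec 11 1999 (0.42.1-1)" headers, say so in the message or split it into its own commit. If it is a side effect of a search-and-replace while bumping the release, drop it from this security update.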

