[nut/el5] fix heap-based buffer overflow due to improper processing of non-printable characters in random network
Michal Hlavinka
mhlavink at fedoraproject.org
Thu May 31 13:26:37 UTC 2012
commit 53106a027a403cc6939218a2da3098ddb2b5dd95
Author: Michal Hlavinka <mhlavink at redhat.com>
Date: Thu May 31 15:25:08 2012 +0200
fix heap-based buffer overflow due to improper processing of non-printable characters in random network data (CVE-2012-2944)
nut.spec | 10 ++++++----
1 files changed, 6 insertions(+), 4 deletions(-)
---
diff --git a/nut.spec b/nut.spec
index 741811f..ed00286 100644
--- a/nut.spec
+++ b/nut.spec
@@ -9,7 +9,7 @@
Summary: Network UPS Tools
Name: nut
Version: 2.2.2
-Release: 2%{?dist}
+Release: 3%{?dist}
Group: Applications/System
License: GPLv2+
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -29,6 +29,7 @@ Patch5: nut-2.2.0-trippliteusb_476850.patch
Patch6: nut-2.4.3-portcrash.patch
Patch7: nut-2.2.2-oldglib2.patch
+Patch8: nut-2.6.3-cve-2012-2944.patch
Requires: nut-client => 2.0.0 hal dbus-glib shadow-utils
Requires(post): fileutils chkconfig /sbin/service
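Review bot: The added "Patch8: nut-2.6.3-cve-2012-2944.patch" line references a file that this commit does not add: the diffstat lists only nut.spec ("1 files changed"). Unless the patch file is already tracked in the el5 branch, %prep will fail on the missing source. Please confirm the file is committed, and consider a one-line comment above Patch8 naming the CVE and where the patch came from, since the other Patch lines carry no provenance either.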
@@ -100,6 +101,7 @@ necessary to develop NUT client applications.
%patch5 -p1 -b .trippliteusb_476850
%patch6 -p1 -b .portcrash
%patch7 -p1 -b .oldglib2
+%patch8 -p1 -b .cve-2012-2944
%build
%configure \
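Review bot: The "%patch8 -p1 -b .cve-2012-2944" line applies a patch whose file name says 2.6.3 to a spec that builds Version 2.2.2, and nothing in the commit states that it was rebased. Please confirm it applies to the 2.2.2 tree without fuzz or offset and that the hunks land in the network input handling the CVE describes, then say so in the commit message or the changelog entry.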
@@ -314,11 +316,11 @@ udevadm control --reload ||:
%{_libdir}/pkgconfig/libupsclient.pc
%changelog
-* Thu May 31 2012 Michal Hlavinka <mhlavink at redhat.com> - 2.2.2-2
+* Thu May 31 2012 Michal Hlavinka <mhlavink at redhat.com> - 2.2.2-3
- fix heap-based buffer overflow due improper processing of non-printable
characters in random network data (CVE-2012-2944)
-* Mon Apr 30 2012 Michal Hlavinka <mhlavink at redhat.com> 2.2.2-1
+* Mon Apr 30 2012 Michal Hlavinka <mhlavink at redhat.com> 2.2.2-2
- reload udev rules after instalation
* Wed Mar 23 2011 Michal Hlavinka <mhlavink at redhat.com> 2.2.2-1
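Review bot: The second -/+ pair in this hunk renumbers an already published entry (Apr 30 2012, from 2.2.2-1 to 2.2.2-2), which the commit message does not mention. The Mar 23 2011 context line below is also 2.2.2-1, so this may be a deliberate fix for a duplicated release number, but it changes history that users may already have seen in rpm -q --changelog output. Please state the reason in the commit message. The rewritten Apr 30 line also lacks the " - " separator before the version that the May 31 line uses.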
@@ -624,7 +626,7 @@ udevadm control --reload ||:
- applied an improved patch to deal with the
bestups string length issue.
-* Sat Dec 11 1999 <bo-rpm at vircio.com> (0.42.1-1)
+* Sat Dec 11 1999 <bo-rpm at vircio.com> (0.42.1-2)
- fixed string length in bestups.c line 279.
* Sat Dec 11 1999 <bo-rpm at vircio.com> (0.42.1-1)
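Review bot: The change of the Dec 11 1999 entry from (0.42.1-1) to (0.42.1-2) is unrelated to the CVE-2012-2944 fix and is not mentioned in the commit message. The following context line is a second Dec 11 1999 entry at (0.42.1-1), so this looks like either a de-duplication or a side effect of a search-and-replace on release numbers. Please drop it from this commit or move it to a separate changelog cleanup, so the security fix stays limited to the Release bump, Patch8 and the new changelog entry.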