[polarssl/epel7] CVE-2015-1182
Morten Stevens
mstevens at fedoraproject.org
Tue Jan 20 14:28:02 UTC 2015
commit 0048a6104fb9354d747e3cfcf5867db18d418e99
Author: Morten Stevens <mstevens at imt-systems.com>
Date: Tue Jan 20 15:28:29 2015 +0100
CVE-2015-1182
CVE-2015-1182.patch | 13 +++++++++++++
polarssl.spec | 7 ++++++-
2 files changed, 19 insertions(+), 1 deletions(-)
---
diff --git a/CVE-2015-1182.patch b/CVE-2015-1182.patch
new file mode 100644
index 0000000..2ca18b3
--- /dev/null
+++ b/CVE-2015-1182.patch
@@ -0,0 +1,13 @@
+diff --git a/library/asn1parse.c b/library/asn1parse.c
+index a3a2b56..e2117bf 100644
+--- a/library/asn1parse.c
++++ b/library/asn1parse.c
+@@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char **p,
+ if( cur->next == NULL )
+ return( POLARSSL_ERR_ASN1_MALLOC_FAILED );
+
++ memset( cur->next, 0, sizeof( asn1_sequence ) );
++
+ cur = cur->next;
+ }
+ }
diff --git a/polarssl.spec b/polarssl.spec
index e55dc72..f35e6e5 100644
--- a/polarssl.spec
+++ b/polarssl.spec
@@ -1,12 +1,13 @@
Name: polarssl
Version: 1.3.9
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: Light-weight cryptographic and SSL/TLS library
Group: System Environment/Libraries
License: GPLv2+
URL: http://polarssl.org/
Source0: http://polarssl.org/download/%{name}-%{version}-gpl.tgz
Patch0: fix-debuginfo.patch
+Patch1: CVE-2015-1182.patch
BuildRequires: cmake
BuildRequires: doxygen
@@ -38,6 +39,7 @@ developing applications that use %{name}.
%prep
%setup -q
%patch0 -p1 -b .fix-debuginfo
+%patch1 -p1 -b .CVE-2015-1182
%build
%cmake -D CMAKE_BUILD_TYPE:String="Release" -D USE_SHARED_POLARSSL_LIBRARY:BOOL=1 .
@@ -69,6 +71,9 @@ mv $RPM_BUILD_ROOT%{_bindir} $RPM_BUILD_ROOT%{_libexecdir}/polarssl
%{_libdir}/*.a
%changelog
+* Tue Jan 20 2015 Morten Stevens <mstevens at imt-systems.com> - 1.3.9-3
+- CVE-2015-1182 (#1184030)
+
* Mon Nov 10 2014 Morten Stevens <mstevens at imt-systems.com> - 1.3.9-2
- Add upstream patch to fix #1161948
More information about the scm-commits
mailing list