[kernel] r5370 - in
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian:
. patches patches/series
Dann Frazier
dannf at costa.debian.org
Mon Jan 9 01:11:27 UTC 2006
Author: dannf
Date: Mon Jan 9 01:11:25 2006
New Revision: 5370
Added:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/io_edgeport_overflow.dpatch
Modified:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2
Log:
* io_edgeport_overflow.dpatch:
[SECURITY] fix buffer overflow (underflow, really) that opens multiple
attack vectors.
See CVE-2004-1017
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog (original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog Mon Jan 9 01:11:25 2006
@@ -161,7 +161,12 @@
[SECURITY] Add bounds checking to coda fs.
See CVE-2005-0124
- -- dann frazier <dannf at debian.org> Sun, 8 Jan 2006 16:54:46 -0700
+ * io_edgeport_overflow.dpatch:
+ [SECURITY] fix buffer overflow (underflow, really) that opens multiple
+ attack vectors.
+ See CVE-2004-1017
+
+ -- dann frazier <dannf at debian.org> Sun, 8 Jan 2006 18:02:38 -0700
kernel-source-2.6.8 (2.6.8-16sarge1) stable-security; urgency=high
Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/io_edgeport_overflow.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/io_edgeport_overflow.dpatch Mon Jan 9 01:11:25 2006
@@ -0,0 +1,32 @@
+diff -Naru a/drivers/usb/serial/io_edgeport.c b/drivers/usb/serial/io_edgeport.c
+--- a/drivers/usb/serial/io_edgeport.c 2006-01-08 17:00:11 -08:00
++++ b/drivers/usb/serial/io_edgeport.c 2006-01-08 17:00:11 -08:00
+@@ -2797,9 +2797,12 @@
+ static void unicode_to_ascii (char *string, __le16 *unicode, int unicode_size)
+ {
+ int i;
+- for (i = 0; i < unicode_size; ++i) {
++
++ if (unicode_size <= 0)
++ return;
++
++ for (i = 0; i < unicode_size; ++i)
+ string[i] = (char)(le16_to_cpu(unicode[i]));
+- }
+ string[unicode_size] = 0x00;
+ }
+
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+# 2004/11/29 11:42:17-08:00 greg at kroah.com
+# [PATCH] USB: fix oops in io_edgeport.c driver
+#
+# This fixes https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=128916
+#
+# Signed-off-by: Greg Kroah-Hartman <greg at kroah.com>
+#
+# drivers/usb/serial/io_edgeport.c
+# 2004/11/29 11:41:49-08:00 greg at kroah.com +5 -2
+# USB: fix oops in io_edgeport.c driver
+#
Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2 (original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2 Mon Jan 9 01:11:25 2006
@@ -29,3 +29,4 @@
+ async-urb-delivery-oops.dpatch
+ async-urb-delivery-oops-2.dpatch
+ fs_coda_coverty.dpatch
++ io_edgeport_overflow.dpatch
More information about the Kernel-svn-changes
mailing list