[kernel] r5370 - in dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian: . patches patches/series

Dann Frazier dannf at costa.debian.org
Mon Jan 9 01:11:27 UTC 2006 

Author: dannf
Date: Mon Jan  9 01:11:25 2006
New Revision: 5370

Added:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/io_edgeport_overflow.dpatch
Modified:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2
Log:
* io_edgeport_overflow.dpatch:
  [SECURITY] fix buffer overflow (underflow, really) that opens multiple 
  attack vectors.
  See CVE-2004-1017

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	Mon Jan  9 01:11:25 2006
@@ -161,7 +161,12 @@
     [SECURITY] Add bounds checking to coda fs.
     See CVE-2005-0124
 
- -- dann frazier <dannf at debian.org>  Sun,  8 Jan 2006 16:54:46 -0700
+  * io_edgeport_overflow.dpatch:
+    [SECURITY] fix buffer overflow (underflow, really) that opens multiple 
+    attack vectors.
+    See CVE-2004-1017
+
+ -- dann frazier <dannf at debian.org>  Sun,  8 Jan 2006 18:02:38 -0700
 
 kernel-source-2.6.8 (2.6.8-16sarge1) stable-security; urgency=high
 

Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/io_edgeport_overflow.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/io_edgeport_overflow.dpatch	Mon Jan  9 01:11:25 2006
@@ -0,0 +1,32 @@
+diff -Naru a/drivers/usb/serial/io_edgeport.c b/drivers/usb/serial/io_edgeport.c
+--- a/drivers/usb/serial/io_edgeport.c	2006-01-08 17:00:11 -08:00
++++ b/drivers/usb/serial/io_edgeport.c	2006-01-08 17:00:11 -08:00
+@@ -2797,9 +2797,12 @@
+ static void unicode_to_ascii (char *string, __le16 *unicode, int unicode_size)
+ {
+ 	int i;
+-	for (i = 0; i < unicode_size; ++i) {
++
++	if (unicode_size <= 0)
++		return;
++
++	for (i = 0; i < unicode_size; ++i)
+ 		string[i] = (char)(le16_to_cpu(unicode[i]));
+-	}
+ 	string[unicode_size] = 0x00;
+ }
+ 
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+#   2004/11/29 11:42:17-08:00 greg at kroah.com 
+#   [PATCH] USB: fix oops in io_edgeport.c driver
+#   
+#   This fixes https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=128916
+#   
+#   Signed-off-by: Greg Kroah-Hartman <greg at kroah.com>
+# 
+# drivers/usb/serial/io_edgeport.c
+#   2004/11/29 11:41:49-08:00 greg at kroah.com +5 -2
+#   USB: fix oops in io_edgeport.c driver
+# 

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge2	Mon Jan  9 01:11:25 2006
@@ -29,3 +29,4 @@
 + async-urb-delivery-oops.dpatch
 + async-urb-delivery-oops-2.dpatch
 + fs_coda_coverty.dpatch
++ io_edgeport_overflow.dpatch

More information about the Kernel-svn-changes mailing list