[kernel] r15512 - in dists/trunk/tgt/debian: . patches

Frederik Schüler fs at alioth.debian.org
Tue Apr 13 09:21:18 UTC 2010 

Author: fs
Date: Tue Apr 13 09:21:08 2010
New Revision: 15512

Log:
Fix Format string vulnerability CVE-2010-0743. (Closes: #576086)

Added:
   dists/trunk/tgt/debian/patches/CVE-2010-0743.patch
Modified:
   dists/trunk/tgt/debian/changelog
   dists/trunk/tgt/debian/patches/series

Modified: dists/trunk/tgt/debian/changelog
==============================================================================
--- dists/trunk/tgt/debian/changelog	Mon Apr 12 21:02:37 2010	(r15511)
+++ dists/trunk/tgt/debian/changelog	Tue Apr 13 09:21:08 2010	(r15512)
@@ -1,3 +1,10 @@
+tgt (1:1.0.3-2) unstable; urgency=low
+
+  * Fix Format string vulnerability CVE-2010-0743.
+    (Closes: #576086)
+
+ -- Frederik Schüler <fs at debian.org>  Tue, 13 Apr 2010 10:54:19 +0200
+
 tgt (1:1.0.3-1) unstable; urgency=low
 
   * New upstream release.

Added: dists/trunk/tgt/debian/patches/CVE-2010-0743.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/trunk/tgt/debian/patches/CVE-2010-0743.patch	Tue Apr 13 09:21:08 2010	(r15512)
@@ -0,0 +1,34 @@
+commit 107d922706cd36f3bb79bcca9bc4678c32f22e59
+Author: Vincent Danen <vdanen at redhat.com>
+Date:   Wed Mar 24 21:46:10 2010 +0900
+
+    fix format string vulnerability
+    
+    The isns code has the same problem:
+    
+    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574935
+    
+    Signed-off-by: FUJITA Tomonori <fujita.tomonori at lab.ntt.co.jp>
+
+diff --git a/usr/iscsi/isns.c b/usr/iscsi/isns.c
+index 3bfc1fc..c4d90cf 100644
+--- a/usr/iscsi/isns.c
++++ b/usr/iscsi/isns.c
+@@ -316,7 +316,7 @@ static int isns_attr_query(char *name)
+ 	tlv = (struct isns_tlv *) hdr->pdu;
+ 
+ 	if (name)
+-		snprintf(mgmt->name, sizeof(mgmt->name), name);
++		snprintf(mgmt->name, sizeof(mgmt->name), "%s", name);
+ 	else {
+ 		mgmt->name[0] = '\0';
+ 		target = list_first_entry(&iscsi_targets_list,
+@@ -690,7 +690,7 @@ found:
+ 				ini = malloc(sizeof(*ini));
+ 				if (!ini)
+ 					goto free_qry_mgmt;
+-				snprintf(ini->name, sizeof(ini->name), name);
++				snprintf(ini->name, sizeof(ini->name), "%s", name);
+ 				list_add(&ini->ilist, &target->isns_list);
+ 			} else
+ 				name = NULL;

Modified: dists/trunk/tgt/debian/patches/series
==============================================================================
--- dists/trunk/tgt/debian/patches/series	Mon Apr 12 21:02:37 2010	(r15511)
+++ dists/trunk/tgt/debian/patches/series	Tue Apr 13 09:21:08 2010	(r15512)
@@ -1,2 +1,3 @@
 make-tgt-setup-lun-executable
 conf-makefile
+CVE-2010-0743.patch

More information about the Kernel-svn-changes mailing list