[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/etch-security, updated. cca61a86f5a94afc8a0e22cad99d7da8702f1366
Michael Tautschnig
mt at debian.org
Tue Nov 11 21:42:04 UTC 2008
The following commit has been merged in the debian/etch-security branch:
commit cca61a86f5a94afc8a0e22cad99d7da8702f1366
Author: Michael Tautschnig <mt at debian.org>
Date: Tue Nov 11 22:41:29 2008 +0100
Dpatchified aCaB's backported fix
- Patch backported from 0.94.1 to fix off-by-one error in vba_extract.c,
allowing for buffer overflows.
Signed-off-by: Michael Tautschnig <mt at debian.org>
diff --git a/debian/changelog b/debian/changelog
index 3986550..50329c3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+clamav (0.90.1dfsg-4etch16) stable-security; urgency=high
+
+ * libclamav/vba_extract.c: off-by-one error causing possible buffer overflow
+ (Closes: #505134)
+
+ -- Stephen Gran <sgran at debian.org> Tue, 11 Nov 2008 22:29:12 +0100
+
clamav (0.90.1dfsg-4etch15) stable-security; urgency=low
* [CVE-2008-3912]: libclamav/mbox.c, libclamav/message.c: out-of-memory null
diff --git a/debian/patches/00list b/debian/patches/00list
index f741f85..27caae2 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -23,3 +23,4 @@
45.mbox.c.CVE-2008-3912.dpatch
46.fd-leak.CVE-2008-3914.dpatch
47.manager.c.CVE-2008-3913.dpatch
+48.vba_unicode.c.dpatch
diff --git a/debian/patches/48.vba_unicode.c.dpatch b/debian/patches/48.vba_unicode.c.dpatch
new file mode 100644
index 0000000..f25c5e7
--- /dev/null
+++ b/debian/patches/48.vba_unicode.c.dpatch
@@ -0,0 +1,18 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 48.vba_unicode.c.dpatch
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: get_unicode_name() off-by-one buffer overflow
+
+ at DPATCH@
+--- a/libclamav/vba_extract.c 2008-11-11 01:25:27.000000000 +0100
++++ b/libclamav/vba_extract.c 2008-11-11 01:26:24.000000000 +0100
+@@ -110,7 +110,7 @@
+ return NULL;
+ }
+
+- newname = (char *) cli_malloc(size*7);
++ newname = (char *) cli_malloc(size*7+1);
+ if (!newname) {
+ return NULL;
+ }
--
Debian repository for ClamAV
More information about the Pkg-clamav-commits
mailing list