r29414 - in /desktop/squeeze/vte/debian: changelog patches/01_CVE-2011-2198.patch patches/series
joss at users.alioth.debian.org
joss at users.alioth.debian.org
Thu Aug 18 14:19:10 UTC 2011
Author: joss
Date: Thu Aug 18 14:19:09 2011
New Revision: 29414
URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=29414
Log:
01_CVE-2011-2198.patch: taken from upstream git. Fixes memory
exhaustion vulnerability. Closes: #629688, CVE-2011-2198.
Added:
desktop/squeeze/vte/debian/patches/01_CVE-2011-2198.patch
Modified:
desktop/squeeze/vte/debian/changelog
desktop/squeeze/vte/debian/patches/series
Modified: desktop/squeeze/vte/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/squeeze/vte/debian/changelog?rev=29414&op=diff
==============================================================================
--- desktop/squeeze/vte/debian/changelog [utf-8] (original)
+++ desktop/squeeze/vte/debian/changelog [utf-8] Thu Aug 18 14:19:09 2011
@@ -1,3 +1,10 @@
+vte (1:0.24.3-3) stable; urgency=low
+
+ * 01_CVE-2011-2198.patch: taken from upstream git. Fixes memory
+ exhaustion vulnerability. Closes: #629688, CVE-2011-2198.
+
+ -- Josselin Mouette <joss at debian.org> Thu, 18 Aug 2011 16:17:27 +0200
+
vte (1:0.24.3-2) unstable; urgency=low
[ Emilio Pozuelo Monfort ]
Added: desktop/squeeze/vte/debian/patches/01_CVE-2011-2198.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/squeeze/vte/debian/patches/01_CVE-2011-2198.patch?rev=29414&op=file
==============================================================================
--- desktop/squeeze/vte/debian/patches/01_CVE-2011-2198.patch (added)
+++ desktop/squeeze/vte/debian/patches/01_CVE-2011-2198.patch [utf-8] Thu Aug 18 14:19:09 2011
@@ -1,0 +1,67 @@
+From ac71d26f067be3a21bff315c3cabf24c94360dd6 Mon Sep 17 00:00:00 2001
+From: Christian Persch <chpe at gnome.org>
+Date: Fri, 10 Jun 2011 15:31:58 +0000
+Subject: [CVE-2011-2198] Limit insert-blank-characters
+
+Bug #652124.
+---
+diff --git a/src/vteseq.c b/src/vteseq.c
+index 3fff7e8..7ef4c8c 100644
+--- a/src/vteseq.c
++++ b/src/vteseq.c
+@@ -532,9 +532,10 @@ vte_sequence_handler_offset(VteTerminal *terminal,
+
+ /* Call another function a given number of times, or once. */
+ static void
+-vte_sequence_handler_multiple(VteTerminal *terminal,
+- GValueArray *params,
+- VteTerminalSequenceHandler handler)
++vte_sequence_handler_multiple_limited(VteTerminal *terminal,
++ GValueArray *params,
++ VteTerminalSequenceHandler handler,
++ glong max)
+ {
+ long val = 1;
+ int i;
+@@ -544,13 +545,29 @@ vte_sequence_handler_multiple(VteTerminal *terminal,
+ value = g_value_array_get_nth(params, 0);
+ if (G_VALUE_HOLDS_LONG(value)) {
+ val = g_value_get_long(value);
+- val = MAX(val, 1); /* FIXME: vttest. */
++ val = CLAMP(val, 1, max); /* FIXME: vttest. */
+ }
+ }
+ for (i = 0; i < val; i++)
+ handler (terminal, NULL);
+ }
+
++static void
++vte_sequence_handler_multiple(VteTerminal *terminal,
++ GValueArray *params,
++ VteTerminalSequenceHandler handler)
++{
++ vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXLONG);
++}
++
++static void
++vte_sequence_handler_multiple_r(VteTerminal *terminal,
++ GValueArray *params,
++ VteTerminalSequenceHandler handler)
++{
++ vte_sequence_handler_multiple_limited(terminal, params, handler,
++ terminal->column_count - terminal->pvt->screen->cursor_current.col);
++}
+
+ /* Manipulate certain terminal attributes. */
+ static void
+@@ -1570,7 +1587,7 @@ vte_sequence_handler_ic (VteTerminal *terminal, GValueArray *params)
+ static void
+ vte_sequence_handler_IC (VteTerminal *terminal, GValueArray *params)
+ {
+- vte_sequence_handler_multiple(terminal, params, vte_sequence_handler_ic);
++ vte_sequence_handler_multiple_r(terminal, params, vte_sequence_handler_ic);
+ }
+
+ /* Begin insert mode. */
+--
+cgit v0.9.0.2
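Review bot: `vte_sequence_handler_multiple_limited` keeps `int i` while `val` is a `long` that the unlimited wrapper lets reach `G_MAXLONG`, so for every caller other than IC the loop `for (i = 0; i < val; i++)` is still driven by a count that presumably comes straight from the escape-sequence parameters, and on LP64 `i` overflows before it can reach a `val` above `INT_MAX`. Declaring `glong i;` removes the overflow, but the remaining callers of `vte_sequence_handler_multiple` (outside this patch) likely need their own bound, as IC gets here. In `vte_sequence_handler_multiple_r`, `terminal->column_count - terminal->pvt->screen->cursor_current.col` is not checked to be at least 1. If the cursor column can reach `column_count` (not visible in this hunk), `CLAMP(val, 1, max)` is called with low greater than high and the handler runs zero times, which contradicts the "or once" comment above. The two new wrappers also have no comments; I would add `/* Repeat count is not capped here; callers must tolerate large values. */` above `vte_sequence_handler_multiple` and `/* Repeat at most to the right edge of the line from the cursor column. */` above `vte_sequence_handler_multiple_r`.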
Modified: desktop/squeeze/vte/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/squeeze/vte/debian/patches/series?rev=29414&op=diff
==============================================================================
--- desktop/squeeze/vte/debian/patches/series [utf-8] (original)
+++ desktop/squeeze/vte/debian/patches/series [utf-8] Thu Aug 18 14:19:09 2011
@@ -1,3 +1,4 @@
+01_CVE-2011-2198.patch
25_optional-ncurses.patch
60_termcap-home-end.patch
90_autoreconf.patch