r29414 - in /desktop/squeeze/vte/debian: changelog patches/01_CVE-2011-2198.patch patches/series

joss at users.alioth.debian.org joss at users.alioth.debian.org
Thu Aug 18 14:19:10 UTC 2011 

Author: joss
Date: Thu Aug 18 14:19:09 2011
New Revision: 29414

URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=29414
Log:
01_CVE-2011-2198.patch: taken from upstream git. Fixes memory 
exhaustion vulnerability. Closes: #629688, CVE-2011-2198.

Added:
    desktop/squeeze/vte/debian/patches/01_CVE-2011-2198.patch
Modified:
    desktop/squeeze/vte/debian/changelog
    desktop/squeeze/vte/debian/patches/series

Modified: desktop/squeeze/vte/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/squeeze/vte/debian/changelog?rev=29414&op=diff
==============================================================================
--- desktop/squeeze/vte/debian/changelog [utf-8] (original)
+++ desktop/squeeze/vte/debian/changelog [utf-8] Thu Aug 18 14:19:09 2011
@@ -1,3 +1,10 @@
+vte (1:0.24.3-3) stable; urgency=low
+
+  * 01_CVE-2011-2198.patch: taken from upstream git. Fixes memory 
+    exhaustion vulnerability. Closes: #629688, CVE-2011-2198.
+
+ -- Josselin Mouette <joss at debian.org>  Thu, 18 Aug 2011 16:17:27 +0200
+
 vte (1:0.24.3-2) unstable; urgency=low
 
   [ Emilio Pozuelo Monfort ]

Added: desktop/squeeze/vte/debian/patches/01_CVE-2011-2198.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/squeeze/vte/debian/patches/01_CVE-2011-2198.patch?rev=29414&op=file
==============================================================================
--- desktop/squeeze/vte/debian/patches/01_CVE-2011-2198.patch (added)
+++ desktop/squeeze/vte/debian/patches/01_CVE-2011-2198.patch [utf-8] Thu Aug 18 14:19:09 2011
@@ -1,0 +1,67 @@
+From ac71d26f067be3a21bff315c3cabf24c94360dd6 Mon Sep 17 00:00:00 2001
+From: Christian Persch <chpe at gnome.org>
+Date: Fri, 10 Jun 2011 15:31:58 +0000
+Subject: [CVE-2011-2198] Limit insert-blank-characters
+
+Bug #652124.
+---
+diff --git a/src/vteseq.c b/src/vteseq.c
+index 3fff7e8..7ef4c8c 100644
+--- a/src/vteseq.c
++++ b/src/vteseq.c
+@@ -532,9 +532,10 @@ vte_sequence_handler_offset(VteTerminal *terminal,
+ 
+ /* Call another function a given number of times, or once. */
+ static void
+-vte_sequence_handler_multiple(VteTerminal *terminal,
+-			      GValueArray *params,
+-			      VteTerminalSequenceHandler handler)
++vte_sequence_handler_multiple_limited(VteTerminal *terminal,
++                                      GValueArray *params,
++                                      VteTerminalSequenceHandler handler,
++                                      glong max)
+ {
+ 	long val = 1;
+ 	int i;
+@@ -544,13 +545,29 @@ vte_sequence_handler_multiple(VteTerminal *terminal,
+ 		value = g_value_array_get_nth(params, 0);
+ 		if (G_VALUE_HOLDS_LONG(value)) {
+ 			val = g_value_get_long(value);
+-			val = MAX(val, 1);	/* FIXME: vttest. */
++			val = CLAMP(val, 1, max);	/* FIXME: vttest. */
+ 		}
+ 	}
+ 	for (i = 0; i < val; i++)
+ 		handler (terminal, NULL);
+ }
+ 
++static void
++vte_sequence_handler_multiple(VteTerminal *terminal,
++                              GValueArray *params,
++                              VteTerminalSequenceHandler handler)
++{
++        vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXLONG);
++}
++
++static void
++vte_sequence_handler_multiple_r(VteTerminal *terminal,
++                                GValueArray *params,
++                                VteTerminalSequenceHandler handler)
++{
++        vte_sequence_handler_multiple_limited(terminal, params, handler,
++                                              terminal->column_count - terminal->pvt->screen->cursor_current.col);
++}
+ 
+ /* Manipulate certain terminal attributes. */
+ static void
+@@ -1570,7 +1587,7 @@ vte_sequence_handler_ic (VteTerminal *terminal, GValueArray *params)
+ static void
+ vte_sequence_handler_IC (VteTerminal *terminal, GValueArray *params)
+ {
+-	vte_sequence_handler_multiple(terminal, params, vte_sequence_handler_ic);
++	vte_sequence_handler_multiple_r(terminal, params, vte_sequence_handler_ic);
+ }
+ 
+ /* Begin insert mode. */
+--
+cgit v0.9.0.2

Modified: desktop/squeeze/vte/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/squeeze/vte/debian/patches/series?rev=29414&op=diff
==============================================================================
--- desktop/squeeze/vte/debian/patches/series [utf-8] (original)
+++ desktop/squeeze/vte/debian/patches/series [utf-8] Thu Aug 18 14:19:09 2011
@@ -1,3 +1,4 @@
+01_CVE-2011-2198.patch
 25_optional-ncurses.patch
 60_termcap-home-end.patch
 90_autoreconf.patch

More information about the pkg-gnome-commits mailing list