[Pkg-gnutls-commits] r1786 - in /packages/gnutls26/branches/branch2.12.20-1+wheezy/debian: changelog patches/36_sanitycheck.diff patches/series
ametzler at users.alioth.debian.org
Thu May 30 05:52:22 UTC 2013
Author: ametzler
Date: Thu May 30 05:52:21 2013
New Revision: 1786
URL: http://svn.debian.org/wsvn/pkg-gnutls/?sc=1&rev=1786
Log:
gnutls26 (2.12.20-7) wheezy-security; urgency=high
[36_sanitycheck.diff] from upstream GIT. - Fix out of bounds data access.
Closes: #709301
CVE-2013-2116
Added:
packages/gnutls26/branches/branch2.12.20-1+wheezy/debian/patches/36_sanitycheck.diff
Modified:
packages/gnutls26/branches/branch2.12.20-1+wheezy/debian/changelog
packages/gnutls26/branches/branch2.12.20-1+wheezy/debian/patches/series
Modified: packages/gnutls26/branches/branch2.12.20-1+wheezy/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/branches/branch2.12.20-1%2Bwheezy/debian/changelog?rev=1786&op=diff
==============================================================================
--- packages/gnutls26/branches/branch2.12.20-1+wheezy/debian/changelog (original)
+++ packages/gnutls26/branches/branch2.12.20-1+wheezy/debian/changelog Thu May 30 05:52:21 2013
@@ -1,3 +1,10 @@
+gnutls26 (2.12.20-7) wheezy-security; urgency=high
+
+ * [36_sanitycheck.diff] from upstream GIT. - Fix out of bounds data access.
+ Closes: #709301
+
+ -- Andreas Metzler <ametzler at debian.org> Fri, 24 May 2013 19:54:10 +0200
+
gnutls26 (2.12.20-6) unstable; urgency=low
* For wheezy build gnutls-bin and guile-gnutls from this source package
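Review bot: The new 2.12.20-7 changelog entry names the bug (Closes: #709301) but not the CVE, although the commit log for this revision lists CVE-2013-2116. Since this is a wheezy-security upload with urgency=high, put the CVE id on the entry's bullet line, for example "Fix out of bounds data access. CVE-2013-2116", so the fix can be matched to the advisory from the changelog alone.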
Added: packages/gnutls26/branches/branch2.12.20-1+wheezy/debian/patches/36_sanitycheck.diff
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/branches/branch2.12.20-1%2Bwheezy/debian/patches/36_sanitycheck.diff?rev=1786&op=file
==============================================================================
--- packages/gnutls26/branches/branch2.12.20-1+wheezy/debian/patches/36_sanitycheck.diff (added)
+++ packages/gnutls26/branches/branch2.12.20-1+wheezy/debian/patches/36_sanitycheck.diff Thu May 30 05:52:21 2013
@@ -1,0 +1,25 @@
+From 5164d5a1d57cd0372a5dd074382ca960ca18b27d Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav at gnutls.org>
+Date: Thu, 23 May 2013 09:54:37 +0200
+Subject: [PATCH 3/3] re-applied sanity check patch
+
+---
+ lib/gnutls_cipher.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
+index 2835121..71f5a98 100644
+--- a/lib/gnutls_cipher.c
++++ b/lib/gnutls_cipher.c
+@@ -561,6 +561,8 @@ _gnutls_ciphertext2compressed (gnutls_session_t session,
+ return GNUTLS_E_DECRYPTION_FAILED;
+ }
+ pad = ciphertext.data[ciphertext.size - 1]; /* pad */
++ if (pad+1 > ciphertext.size-hash_size)
++ pad_failed = GNUTLS_E_DECRYPTION_FAILED;
+
+ /* Check the pading bytes (TLS 1.x).
+ * Note that we access all 256 bytes of ciphertext for padding check
+--
+1.7.10.4
+
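Review bot: In the added check `if (pad+1 > ciphertext.size-hash_size)`, the right-hand side assumes ciphertext.size is at least hash_size, and nothing in the visible context shows that guarantee; if the operands are unsigned and the size can be smaller, the subtraction wraps and the check passes when it should fail. Please confirm that the early `return GNUTLS_E_DECRYPTION_FAILED;` just above covers that case, or rewrite the comparison so no subtraction is needed (compare `pad + 1 + hash_size` against `ciphertext.size`). The check also records the failure in pad_failed and falls through rather than returning, which fits the comment below it about always touching the same number of bytes, but that makes it worth stating in a code comment that the later padding loop must stay within the buffer on its own. Finally, the patch header has an empty body and the subject "re-applied sanity check patch" says nothing about what is being checked; a line referencing CVE-2013-2116 and #709301 would help anyone reading debian/patches later.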
Modified: packages/gnutls26/branches/branch2.12.20-1+wheezy/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/branches/branch2.12.20-1%2Bwheezy/debian/patches/series?rev=1786&op=diff
==============================================================================
--- packages/gnutls26/branches/branch2.12.20-1+wheezy/debian/patches/series (original)
+++ packages/gnutls26/branches/branch2.12.20-1+wheezy/debian/patches/series Thu May 30 05:52:21 2013
@@ -9,3 +9,4 @@
33_stricter_rsa_pkcs_1.5.diff
34_pkcs11_memleak.diff
35_TLS-CBC_timing-attack.diff
+36_sanitycheck.diff