[Pkg-mono-svn-commits] rev 3425 - in mono/branches/1.2.2.1-1etchX/debian: . patches

Mirco Bauer meebey-guest at alioth.debian.org
Sun Nov 4 10:59:04 UTC 2007 

Author: meebey-guest
Date: 2007-11-04 10:59:04 +0000 (Sun, 04 Nov 2007)
New Revision: 3425

Added:
   mono/branches/1.2.2.1-1etchX/debian/patches/fix_BigInteger_overflow_CVE-2007-5197.dpatch
Modified:
   mono/branches/1.2.2.1-1etchX/debian/changelog
   mono/branches/1.2.2.1-1etchX/debian/patches/00list
Log:
- flush



Modified: mono/branches/1.2.2.1-1etchX/debian/changelog
===================================================================
--- mono/branches/1.2.2.1-1etchX/debian/changelog	2007-10-31 00:55:34 UTC (rev 3424)
+++ mono/branches/1.2.2.1-1etchX/debian/changelog	2007-11-04 10:59:04 UTC (rev 3425)
@@ -1,3 +1,10 @@
+mono (1.2.2.1-1etch1) stable-security; urgency=high
+
+  * debian/patches/fix_BigInteger_overflow_CVE-2007-5197.dpatch:
+    + Fixes CVE-2007-5197
+
+ -- Mirco Bauer <meebey at debian.org>  Sun, 28 Oct 2007 22:25:15 +0100
+
 mono (1.2.2.1-1) unstable; urgency=low
 
   * New upstream release

Modified: mono/branches/1.2.2.1-1etchX/debian/patches/00list
===================================================================
--- mono/branches/1.2.2.1-1etchX/debian/patches/00list	2007-10-31 00:55:34 UTC (rev 3424)
+++ mono/branches/1.2.2.1-1etchX/debian/patches/00list	2007-11-04 10:59:04 UTC (rev 3425)
@@ -1,2 +1,3 @@
 remove_broken_dllmap_from_mono-shlib-cop.dpatch
 console-no-utf8-bom.dpatch
+fix_BigInteger_overflow_CVE-2007-5197.dpatch

Added: mono/branches/1.2.2.1-1etchX/debian/patches/fix_BigInteger_overflow_CVE-2007-5197.dpatch
===================================================================
--- mono/branches/1.2.2.1-1etchX/debian/patches/fix_BigInteger_overflow_CVE-2007-5197.dpatch	                        (rev 0)
+++ mono/branches/1.2.2.1-1etchX/debian/patches/fix_BigInteger_overflow_CVE-2007-5197.dpatch	2007-11-04 10:59:04 UTC (rev 3425)
@@ -0,0 +1,31 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## fix_BigInteger_overflow_CVE-2007-5197.dpatch by Mirco Bauer <meebey at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+ at DPATCH@
+diff -urNad mono-1.2.2.1~/mcs/class/Mono.Security/Mono.Math/BigInteger.cs mono-1.2.2.1/mcs/class/Mono.Security/Mono.Math/BigInteger.cs
+--- mono-1.2.2.1~/mcs/class/Mono.Security/Mono.Math/BigInteger.cs	2006-04-14 19:51:24.000000000 +0200
++++ mono-1.2.2.1/mcs/class/Mono.Security/Mono.Math/BigInteger.cs	2007-10-28 22:42:47.000000000 +0100
+@@ -1574,7 +1574,7 @@
+ 						uint j = 1;
+ 
+ 						// Multiply and add
+-						for (; j < m.length; j++) {
++						for (; j < m.length && j < A.length; j++) {
+ 							c += (ulong)u_i * (ulong)*(mP++) + *(aSP++);
+ 							*(aDP++) = (uint)c;
+ 							c >>= 32;
+diff -urNad mono-1.2.2.1~/mcs/class/corlib/Mono.Math/BigInteger.cs mono-1.2.2.1/mcs/class/corlib/Mono.Math/BigInteger.cs
+--- mono-1.2.2.1~/mcs/class/corlib/Mono.Math/BigInteger.cs	2006-04-14 19:50:35.000000000 +0200
++++ mono-1.2.2.1/mcs/class/corlib/Mono.Math/BigInteger.cs	2007-10-28 22:42:15.000000000 +0100
+@@ -1574,7 +1574,7 @@
+ 						uint j = 1;
+ 
+ 						// Multiply and add
+-						for (; j < m.length; j++) {
++						for (; j < m.length && j < A.length; j++) {
+ 							c += (ulong)u_i * (ulong)*(mP++) + *(aSP++);
+ 							*(aDP++) = (uint)c;
+ 							c >>= 32;


Property changes on: mono/branches/1.2.2.1-1etchX/debian/patches/fix_BigInteger_overflow_CVE-2007-5197.dpatch
___________________________________________________________________
Name: svn:executable
   + *

More information about the Pkg-mono-svn-commits mailing list