[Pkg-mono-svn-commits] rev 3427 - in mono/trunk/debian: . patches
Mirco Bauer
meebey-guest at alioth.debian.org
Sun Nov 4 14:37:46 UTC 2007
Author: meebey-guest
Date: 2007-11-04 14:37:45 +0000 (Sun, 04 Nov 2007)
New Revision: 3427
Added:
mono/trunk/debian/patches/fix_BigInteger_overflow_CVE-2007-5197.dpatch
Modified:
mono/trunk/debian/changelog
mono/trunk/debian/patches/00list
Log:
- added fix for CVE-2007-5197
Modified: mono/trunk/debian/changelog
===================================================================
--- mono/trunk/debian/changelog 2007-11-04 10:59:29 UTC (rev 3426)
+++ mono/trunk/debian/changelog 2007-11-04 14:37:45 UTC (rev 3427)
@@ -1,11 +1,13 @@
-mono (1.2.5.1-2) UNRELEASED; urgency=low
+mono (1.2.5.1-2) unstable; urgency=high
- * NOT RELEASED YET
- * debian/mono.runtime-script:
- - When removing GAC libraries, output the assembly name correctly on
- errors.
+ * Mirco 'meebey' Bauer:
+ + debian/mono.runtime-script:
+ - When removing GAC libraries, output the assembly name correctly on
+ errors.
+ + debian/patches/fix_BigInteger_overflow_CVE-2007-5197.dpatch:
+ - Fixes CVE-2007-5197, thus urgency set to high.
- -- Mirco Bauer <meebey at debian.org> Mon, 24 Sep 2007 00:32:39 +0200
+ -- Mirco Bauer <meebey at debian.org> Sun, 04 Nov 2007 15:34:08 +0100
mono (1.2.5.1-1) unstable; urgency=low
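Review bot: The new entry for debian/patches/fix_BigInteger_overflow_CVE-2007-5197.dpatch justifies urgency=high by the CVE number alone and does not say which component is affected or what the fix changes. Suggest extending it to name the two patched files (mcs/class/Mono.Security/Mono.Math/BigInteger.cs and mcs/class/corlib/Mono.Math/BigInteger.cs) and the added loop bound, so the urgency can be judged from the changelog without opening the dpatch.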
Modified: mono/trunk/debian/patches/00list
===================================================================
--- mono/trunk/debian/patches/00list 2007-11-04 10:59:29 UTC (rev 3426)
+++ mono/trunk/debian/patches/00list 2007-11-04 14:37:45 UTC (rev 3427)
@@ -6,3 +6,4 @@
fix-mono-cairo.pc.in
g_thread_init
ppc_fix_mono_class_proxy_vtable_r84948
+fix_BigInteger_overflow_CVE-2007-5197
Added: mono/trunk/debian/patches/fix_BigInteger_overflow_CVE-2007-5197.dpatch
===================================================================
--- mono/trunk/debian/patches/fix_BigInteger_overflow_CVE-2007-5197.dpatch (rev 0)
+++ mono/trunk/debian/patches/fix_BigInteger_overflow_CVE-2007-5197.dpatch 2007-11-04 14:37:45 UTC (rev 3427)
@@ -0,0 +1,31 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## fix_BigInteger_overflow_CVE-2007-5197.dpatch by Mirco Bauer <meebey at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+ at DPATCH@
+diff -urNad mono-1.2.2.1~/mcs/class/Mono.Security/Mono.Math/BigInteger.cs mono-1.2.2.1/mcs/class/Mono.Security/Mono.Math/BigInteger.cs
+--- mono-1.2.2.1~/mcs/class/Mono.Security/Mono.Math/BigInteger.cs 2006-04-14 19:51:24.000000000 +0200
++++ mono-1.2.2.1/mcs/class/Mono.Security/Mono.Math/BigInteger.cs 2007-10-28 22:42:47.000000000 +0100
+@@ -1574,7 +1574,7 @@
+ uint j = 1;
+
+ // Multiply and add
+- for (; j < m.length; j++) {
++ for (; j < m.length && j < A.length; j++) {
+ c += (ulong)u_i * (ulong)*(mP++) + *(aSP++);
+ *(aDP++) = (uint)c;
+ c >>= 32;
+diff -urNad mono-1.2.2.1~/mcs/class/corlib/Mono.Math/BigInteger.cs mono-1.2.2.1/mcs/class/corlib/Mono.Math/BigInteger.cs
+--- mono-1.2.2.1~/mcs/class/corlib/Mono.Math/BigInteger.cs 2006-04-14 19:50:35.000000000 +0200
++++ mono-1.2.2.1/mcs/class/corlib/Mono.Math/BigInteger.cs 2007-10-28 22:42:15.000000000 +0100
+@@ -1574,7 +1574,7 @@
+ uint j = 1;
+
+ // Multiply and add
+- for (; j < m.length; j++) {
++ for (; j < m.length && j < A.length; j++) {
+ c += (ulong)u_i * (ulong)*(mP++) + *(aSP++);
+ *(aDP++) = (uint)c;
+ c >>= 32;
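Review bot: The added `j < A.length` condition in the "Multiply and add" loop (line 1577 in both BigInteger.cs copies) makes the loop exit early whenever A.length is smaller than m.length, but nothing visible here shows that the result is still correct in that case: the remaining words of m are never multiplied in, and the carry `c` is left to whatever code follows the loop. Please confirm that early exit is safe for callers, or reject that input (or size A accordingly) before the loop rather than clamping inside it. Two smaller points: `## DP: No description.` should be replaced with a short description of the bounds check and the CVE it addresses, and the diff paths name mono-1.2.2.1 while the changelog entry is for 1.2.5.1-2, so it is worth checking that the patch applies cleanly to the packaged tree. The same one-line fix is carried in two copies of the file; a comment in the DP header saying so would help anyone refreshing the patch keep them in sync.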
Property changes on: mono/trunk/debian/patches/fix_BigInteger_overflow_CVE-2007-5197.dpatch
___________________________________________________________________
Name: svn:executable
+ *