r149 - in unstable/rt2400/debian: . patches
benh at alioth.debian.org
Wed Jan 28 00:26:57 UTC 2009
Author: benh
Date: 2009-01-28 00:26:57 +0000 (Wed, 28 Jan 2009)
New Revision: 149
Added:
unstable/rt2400/debian/patches/001_fix_probe_request_overflow.diff
Modified:
unstable/rt2400/debian/changelog
unstable/rt2400/debian/patches/series
Log:
Fixed buffer overflow vulnerability in processing of ad-hoc probe
requests (CVE-2009-0282) (closes: bug#512999)
Modified: unstable/rt2400/debian/changelog
===================================================================
--- unstable/rt2400/debian/changelog 2008-09-03 00:17:33 UTC (rev 148)
+++ unstable/rt2400/debian/changelog 2009-01-28 00:26:57 UTC (rev 149)
@@ -1,3 +1,10 @@
+rt2400 (1.2.2+cvs20080623-3) unstable; urgency=high
+
+ * Fixed buffer overflow vulnerability in processing of ad-hoc probe
+ requests (CVE-2009-0282) (closes: bug#512999)
+
+ -- Ben Hutchings <ben at decadent.org.uk> Wed, 28 Jan 2009 00:23:31 +0000
+
rt2400 (1.2.2+cvs20080623-2) unstable; urgency=low
* Modified 000_if_name.diff to apply at -p1 (closes: bug#485258)
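Review bot: the new changelog entry for 1.2.2+cvs20080623-3 does not name the patch that carries the fix, whereas the previous entry names 000_if_name.diff. Suggest mentioning 001_fix_probe_request_overflow.diff in the entry so the CVE-2009-0282 fix can be traced from the changelog to the file under debian/patches.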
Added: unstable/rt2400/debian/patches/001_fix_probe_request_overflow.diff
===================================================================
--- unstable/rt2400/debian/patches/001_fix_probe_request_overflow.diff (rev 0)
+++ unstable/rt2400/debian/patches/001_fix_probe_request_overflow.diff 2009-01-28 00:26:57 UTC (rev 149)
@@ -0,0 +1,14 @@
+Fix buffer overflow vulnerability in processing of ad-hoc probe
+requests (CVE-2009-0282) (closes: bug#512999)
+
+--- rt2400.orig/Module/sanity.c
++++ rt2400/Module/sanity.c
+@@ -389,7 +389,7 @@
+
+ COPY_MAC_ADDR(Addr2, &Fr->Hdr.Addr2);
+
+- if (Fr->Octet[0] != IE_SSID || Fr->Octet[1] > MAX_LEN_OF_SSID)
++ if (Fr->Octet[0] != IE_SSID || (UCHAR)Fr->Octet[1] > MAX_LEN_OF_SSID)
+ {
+ DBGPRINT(RT_DEBUG_TRACE, "PeerProbeReqSanity fail - wrong SSID IE\n");
+ return FALSE;
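Review bot: the `(UCHAR)` cast in `(UCHAR)Fr->Octet[1] > MAX_LEN_OF_SSID` corrects only this one comparison, and the patch header does not say why it is needed. The cast implies `Octet` is a signed char array, so a length byte of 0x80 or above compared as negative and passed the old check; any later use of `Fr->Octet[1]` as a length in this function lies outside the hunk and should be confirmed to treat the byte as unsigned too. Suggest reading the length once into a `UCHAR` local, using that local for the check and for every subsequent use, and adding a sentence on the signedness issue to the patch description.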
Modified: unstable/rt2400/debian/patches/series
===================================================================
--- unstable/rt2400/debian/patches/series 2008-09-03 00:17:33 UTC (rev 148)
+++ unstable/rt2400/debian/patches/series 2009-01-28 00:26:57 UTC (rev 149)
@@ -1 +1,2 @@
000_if_name.diff
+001_fix_probe_request_overflow.diff