[Pkg-silc-commits] [SCM] developer files for SILC library (silc-toolkit) branch, lenny-security, created. debian/1.1.7-2+lenny1

Jérémy Bobbio lunar at debian.org
Fri Sep 4 20:45:31 UTC 2009


The branch, lenny-security has been created
        at  cfc4b657387887106f99bbf28861fc189a9a3ba8 (commit)

- Shortlog ------------------------------------------------------------
commit cfc4b657387887106f99bbf28861fc189a9a3ba8
Author: Jérémy Bobbio <lunar at debian.org>
Date:   Mon Aug 31 15:14:29 2009 +0200

    Release version 1.1.7-2+lenny1

commit 604896fafa916393a7b921e9f199576efae9ce1a
Author: Jérémy Bobbio <lunar at debian.org>
Date:   Mon Aug 31 15:11:46 2009 +0200

    Update debian changelog

commit f9acb085b819a7d0c6b3e9f40bc78f26bc2d429b
Author: kp at valhallalegends.com <kp at valhallalegends.com>
Date:   Fri Dec 12 21:38:54 2008 -0600

    HTTP: fix stack overwrite due to format string error.
    
    On AMD64, %lu refers to a 64-bit unsigned value, but the address passed
    to sscanf points to a 32-bit unsigned value.  This causes an adjoining
    value on the stack to be overwritten with data from the converted
    integer.  Fix the format string to match the size of the supplied value,
    and remove the pointer cast.

commit a785cba501a940921d215c18bc410a53bf1b12e8
Author: Pekka Riikonen <priikone at silcnet.org>
Date:   Fri Aug 7 14:48:46 2009 +0300

    More string format fixes in silcd and client library

commit 9c93e2c6df752c32bcb64335b418523aae331715
Author: Pekka Riikonen <priikone at silcnet.org>
Date:   Fri Jul 31 22:32:57 2009 +0300

    Fixed string format vulnerability in client entry handling.
    
    Reported and patch provided by William Cummings.

commit 25a6a61ecf6561bdb00e289175989e28d0fb26bb
Author: kp at valhallalegends.com <kp at valhallalegends.com>
Date:   Sat May 31 16:37:45 2008 -0500

    ASN1: Fix stack variable overwrite when encoding OID.
    
    The call to sscanf specifies a format string of "%lu", a long unsigned
    int.  The pointer argument was cast to unsigned long *, but this is
    wrong for 64 bit systems.  On 64 bit systems, unsigned long is 64 bits,
    but the oid value is a SilcUInt32 on all systems.  As a result, sscanf
    will overwrite a neighboring variable on the stack.  Fix this by
    changing the format string to "%u" and removing the cast.

-----------------------------------------------------------------------

-- 
developer files for SILC library (silc-toolkit)
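
The ASN1 and HTTP commit messages above describe the same defect: `sscanf` with `"%lu"` storing through a pointer to a 32-bit value. The following is an added example, not code from the SILC toolkit or from this mail, that shows the width of that store next to the fixed form. `struct frame`, the function names and the canary value are hypothetical, `uint32_t` stands in for `SilcUInt32`, and `SCNu32` is used as the portable spelling of the `"%u"` fix.

```c
#include <inttypes.h>
#include <stdio.h>
#include <string.h>

#define CANARY 0xAABBCCDDu

/* Stand-in for two adjacent stack variables: the 32-bit OID value and
   whatever the compiler happened to place next to it (hypothetical layout). */
struct frame {
  uint32_t oid;       /* plays the role of the SilcUInt32 value */
  uint32_t neighbor;  /* the adjoining variable */
};

/* Reproduces the store made by sscanf(s, "%lu", (unsigned long *)&oid)
   without undefined behaviour: convert into a real unsigned long, then
   copy as many bytes as that store would have written. */
uint32_t neighbor_after_mismatched(const char *s)
{
  struct frame f = { 0, CANARY };
  unsigned long wide = 0;
  size_t n = sizeof wide < sizeof f ? sizeof wide : sizeof f;

  if (sscanf(s, "%lu", &wide) != 1)
    return f.neighbor;
  memcpy(&f, &wide, n);   /* 8 bytes where unsigned long is 64-bit, else 4 */
  return f.neighbor;
}

/* Fixed form: the conversion specifier matches the object, no cast. */
uint32_t neighbor_after_fixed(const char *s, uint32_t *oid_out)
{
  struct frame f = { 0, CANARY };

  if (sscanf(s, "%" SCNu32, &f.oid) != 1)
    return f.neighbor;
  *oid_out = f.oid;
  return f.neighbor;
}

int main(void)
{
  uint32_t oid = 0;
  printf("sizeof(unsigned long) = %zu\n", sizeof(unsigned long));
  printf("mismatched: neighbor = 0x%08" PRIX32 "\n",
         neighbor_after_mismatched("42"));
  printf("fixed:      neighbor = 0x%08" PRIX32 ", oid = %" PRIu32 "\n",
         neighbor_after_fixed("42", &oid), oid);
  return 0;
}
```

Building with `-Wformat` (part of `-Wall` in GCC and Clang) flags a specifier and argument type mismatch at compile time, but the pointer cast described in the commit messages hides it from that check.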


