[Pkg-utopia-commits] r2563 - in /packages/etch/avahi/debian: changelog patches/14_CVE-2008-5081.patch

sjoerd at users.alioth.debian.org sjoerd at users.alioth.debian.org
Sun Dec 14 18:31:13 UTC 2008 

Author: sjoerd
Date: Sun Dec 14 18:31:13 2008
New Revision: 2563

URL: http://svn.debian.org/wsvn/pkg-utopia/?sc=1&rev=2563
Log:
* debian/patches/14_CVE-2008-5081.patch
  - Added. Don't abort on receiving an UDP packet with a source port of zero.
    (Closes: #508700)

Added:
    packages/etch/avahi/debian/patches/14_CVE-2008-5081.patch
Modified:
    packages/etch/avahi/debian/changelog

Modified: packages/etch/avahi/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/etch/avahi/debian/changelog?rev=2563&op=diff
==============================================================================
--- packages/etch/avahi/debian/changelog (original)
+++ packages/etch/avahi/debian/changelog Sun Dec 14 18:31:13 2008
@@ -1,3 +1,11 @@
+avahi (0.6.16-3etch2) UNRELEASED; urgency=low
+
+  * debian/patches/14_CVE-2008-5081.patch
+    - Added. Don't abort on receiving an UDP packet with a source port of zero.
+      (Closes: #508700)
+
+ -- Sjoerd Simons <sjoerd at debian.org>  Sun, 14 Dec 2008 18:22:56 +0000
+
 avahi (0.6.16-3etch1) testing-proposed-updates; urgency=low
 
   * debian/avahi-daemon-check-dns.sh: Run ifconfig with LC_ALL=C to make

Added: packages/etch/avahi/debian/patches/14_CVE-2008-5081.patch
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/etch/avahi/debian/patches/14_CVE-2008-5081.patch?rev=2563&op=file
==============================================================================
--- packages/etch/avahi/debian/patches/14_CVE-2008-5081.patch (added)
+++ packages/etch/avahi/debian/patches/14_CVE-2008-5081.patch Sun Dec 14 18:31:13 2008
@@ -1,0 +1,27 @@
+commit 3093047f1aa36bed8a37fa79004bf0ee287929f4
+Author: Lennart Poettering <lennart at poettering.net>
+Date:   Thu Dec 11 20:57:45 2008 +0100
+
+    Don't get confused by UDP packets with a source port that is zero
+    
+    This is a fix for rhbz 475394.
+    
+    Problem identified by Hugo Dias.
+
+diff --git a/avahi-core/server.c b/avahi-core/server.c
+index c4980af..11ab6cf 100644
+--- a/avahi-core/server.c
++++ b/avahi-core/server.c
+@@ -898,6 +898,12 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
+         return;
+     }
+ 
++    if (port <= 0) {
++        /* This fixes RHBZ #475394 */
++        avahi_log_warn("Received packet from invalid source port.");
++        return;
++    }
++
+     if (avahi_address_is_ipv4_in_ipv6(src_address))
+         /* This is an IPv4 address encapsulated in IPv6, so let's ignore it. */
+         return;

More information about the Pkg-utopia-commits mailing list