[Pkg-utopia-commits] r2474 - in /packages/etch/dbus/debian: changelog patches/CVE-2008-3834.patch
biebl at users.alioth.debian.org
Thu Oct 23 22:56:10 UTC 2008
Author: biebl
Date: Thu Oct 23 22:56:09 2008
New Revision: 2474
URL: http://svn.debian.org/wsvn/pkg-utopia/?sc=1&rev=2474
Log:
Import security update by Steffen Joeris
The dbus_signature_validate function does not validate properly,
which could be used to perform a DoS (Closes: #501443)
Fixes: CVE-2008-3834
Added:
packages/etch/dbus/debian/patches/CVE-2008-3834.patch
Modified:
packages/etch/dbus/debian/changelog
Modified: packages/etch/dbus/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/etch/dbus/debian/changelog?rev=2474&op=diff
==============================================================================
--- packages/etch/dbus/debian/changelog (original)
+++ packages/etch/dbus/debian/changelog Thu Oct 23 22:56:09 2008
@@ -1,3 +1,12 @@
+dbus (1.0.2-1+etch2) stable-security; urgency=high
+
+ * Non-maintainer upload by the security team
+ * The dbus_signature_validate function does not validate properly,
+ which could be used to perform a DoS (Closes: #501443)
+ Fixes: CVE-2008-3834
+
+ -- Steffen Joeris <white at debian.org> Tue, 21 Oct 2008 10:25:43 +0000
+
dbus (1.0.2-1+etch1) stable-security; urgency=high
* Fix CVE-2008-0595
Added: packages/etch/dbus/debian/patches/CVE-2008-3834.patch
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/etch/dbus/debian/patches/CVE-2008-3834.patch?rev=2474&op=file
==============================================================================
--- packages/etch/dbus/debian/patches/CVE-2008-3834.patch (added)
+++ packages/etch/dbus/debian/patches/CVE-2008-3834.patch Thu Oct 23 22:56:09 2008
@@ -1,0 +1,25 @@
+diff --git a/dbus/dbus-marshal-validate-util.c b/dbus/dbus-marshal-validate-util.c
+index f2901d7..5365d6d 100644
+--- a/dbus/dbus-marshal-validate-util.c
++++ dbus-1.0.2/dbus/dbus-marshal-validate-util.c
+@@ -228,6 +228,7 @@ _dbus_marshal_validate_test (void)
+ "123",
+ ".",
+ "("
++ "a{(ii)i}" /* https://bugs.freedesktop.org/show_bug.cgi?id=17803 */
+ };
+
+ /* Signature with reason */
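Review bot: the added `"a{(ii)i}"` entry follows `"("`, which has no trailing comma, so the compiler joins the two adjacent string literals into one array element, `"(a{(ii)i}"`, and the signature from the bug report is never tested on its own. Because the joined string begins with the `(` case that is already in the list, this test can pass without exercising the dict-key check changed in dbus-marshal-validate.c. Add a comma after `"("` so the new signature is a separate entry.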
+diff --git a/dbus/dbus-marshal-validate.c b/dbus/dbus-marshal-validate.c
+index e63a463..b24b5bc 100644
+--- a/dbus/dbus-marshal-validate.c
++++ dbus-1.0.2/dbus/dbus-marshal-validate.c
+@@ -247,6 +247,7 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
+ }
+
+ if (last == DBUS_DICT_ENTRY_BEGIN_CHAR &&
++ _dbus_type_is_valid (*p) &&
+ !dbus_type_is_basic (*p))
+ {
+ result = DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE;
+
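Review bot: the new `_dbus_type_is_valid (*p) &&` condition in `_dbus_validate_signature_with_reason` has no comment saying why validity has to be established before `dbus_type_is_basic (*p)` is evaluated, and it narrows which inputs produce `DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE`: a character after `{` that is not a valid type code now skips this branch entirely. Please add a one-line comment stating the reason for the ordering, and confirm that such a character is still rejected with its own reason by the code after this block, which the hunk does not show.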