[Pkg-utopia-commits] r2477 - in /packages/unstable/dbus/debian: changelog patches/CVE-2008-3834.patch
biebl at users.alioth.debian.org
Thu Oct 23 23:47:46 UTC 2008
Author: biebl
Date: Thu Oct 23 23:47:46 2008
New Revision: 2477
URL: http://svn.debian.org/wsvn/pkg-utopia/?sc=1&rev=2477
Log:
* debian/patches/CVE-2008-3834.patch
- The dbus_signature_validate function in the D-bus library allows
attackers to cause a denial of service (application abort) via a message
containing a malformed signature, which triggers a failed assertion
error. (Closes: #501443)
Fixes: CVE-2008-3834
- Urgency high for the security fix.
Added:
packages/unstable/dbus/debian/patches/CVE-2008-3834.patch
Modified:
packages/unstable/dbus/debian/changelog
Modified: packages/unstable/dbus/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/unstable/dbus/debian/changelog?rev=2477&op=diff
==============================================================================
--- packages/unstable/dbus/debian/changelog (original)
+++ packages/unstable/dbus/debian/changelog Thu Oct 23 23:47:46 2008
@@ -1,3 +1,15 @@
+dbus (1.2.1-4) UNRELEASED; urgency=high
+
+ * debian/patches/CVE-2008-3834.patch
+ - The dbus_signature_validate function in the D-bus library allows
+ attackers to cause a denial of service (application abort) via a message
+ containing a malformed signature, which triggers a failed assertion
+ error. (Closes: #501443)
+ Fixes: CVE-2008-3834
+ - Urgency high for the security fix.
+
+ -- Michael Biebl <biebl at debian.org> Fri, 24 Oct 2008 01:40:29 +0200
+
dbus (1.2.1-3) unstable; urgency=low
* debian/patches/15_dbus_group_parsing.patch
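Review bot: The new 1.2.1-4 entry under `* debian/patches/CVE-2008-3834.patch` restates the CVE description in the present tense ("allows attackers to cause a denial of service") and never says what the patch changes, so it reads as if this upload still has the flaw. Word it as the fix, for example "Fix denial of service (failed assertion) in dbus_signature_validate on a malformed signature", and keep the "Closes: #501443" and "Fixes: CVE-2008-3834" references as they are.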
Added: packages/unstable/dbus/debian/patches/CVE-2008-3834.patch
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/unstable/dbus/debian/patches/CVE-2008-3834.patch?rev=2477&op=file
==============================================================================
--- packages/unstable/dbus/debian/patches/CVE-2008-3834.patch (added)
+++ packages/unstable/dbus/debian/patches/CVE-2008-3834.patch Thu Oct 23 23:47:46 2008
@@ -1,0 +1,25 @@
+diff --git a/dbus/dbus-marshal-validate-util.c b/dbus/dbus-marshal-validate-util.c
+index f2901d7..5365d6d 100644
+--- a/dbus/dbus-marshal-validate-util.c
++++ dbus-1.0.2/dbus/dbus-marshal-validate-util.c
+@@ -228,6 +228,7 @@ _dbus_marshal_validate_test (void)
+ "123",
+ ".",
+ "("
++ "a{(ii)i}" /* https://bugs.freedesktop.org/show_bug.cgi?id=17803 */
+ };
+
+ /* Signature with reason */
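Review bot: In the invalid-signature array the context line `"("` has no trailing comma, so the added `"a{(ii)i}"` is joined to it by C string-literal concatenation and the array gains no new element; the last entry becomes `"(a{(ii)i}"`. That drops the lone `"("` case and never passes the bug 17803 signature to the validator on its own, so the regression this line is meant to cover is not tested. Add a comma after `"("` so the two strings are separate entries.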
+diff --git a/dbus/dbus-marshal-validate.c b/dbus/dbus-marshal-validate.c
+index e63a463..b24b5bc 100644
+--- a/dbus/dbus-marshal-validate.c
++++ dbus-1.0.2/dbus/dbus-marshal-validate.c
+@@ -247,6 +247,7 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
+ }
+
+ if (last == DBUS_DICT_ENTRY_BEGIN_CHAR &&
++ _dbus_type_is_valid (*p) &&
+ !dbus_type_is_basic (*p))
+ {
+ result = DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE;
+
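Review bot: The added `_dbus_type_is_valid (*p) &&` guard makes the whole condition false when the character after `DBUS_DICT_ENTRY_BEGIN_CHAR` is not a valid type code, so this branch no longer sets `DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE` for such a key, and whether the signature is rejected at all depends on code outside this hunk. The short-circuit does keep `dbus_type_is_basic (*p)` from being called with an invalid code, but a key that is not a valid type is also not a basic type and should still fail here. Consider `!(_dbus_type_is_valid (*p) && dbus_type_is_basic (*p))` so the error result is returned in both cases.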