Bug#599711: CVE-2010-3495
Ben Hutchings
ben at decadent.org.uk
Sat Oct 30 13:54:43 UTC 2010
This should fix the bug, if necessary.
Ben.
--- zodb-3.9.4/debian/changelog
+++ zodb-3.9.4/debian/changelog
@@ -1,3 +1,11 @@
+zodb (1:3.9.4-1.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix some cases where a new or aborted connection would cause the server
+ to crash (CVE-2010-3495) (Closes: #599711)
+
+ -- Ben Hutchings <ben at decadent.org.uk> Sat, 30 Oct 2010 15:36:31 +0200
+
zodb (1:3.9.4-1) unstable; urgency=low
[ Brian Sutherland ]
--- zodb-3.9.4.orig/src/ZEO/StorageServer.py
+++ zodb-3.9.4/src/ZEO/StorageServer.py
@@ -133,6 +133,8 @@
addr = conn.addr
if isinstance(addr, type("")):
label = addr
+ elif addr is None:
+ label = ''
else:
host, port = addr
label = str(host) + ":" + str(port)
--- END ---
--
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 828 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-zope-developers/attachments/20101030/967b101a/attachment.pgp>
More information about the pkg-zope-developers
mailing list