| 1 |
jsbronder 14/06/19 19:55:00 |
| 2 |
|
| 3 |
Added: CVE-2014-0749.patch CVE-2013-4495.patch |
| 4 |
Log: |
| 5 |
Bump 2.5.13 with additional patches for CVE-2013-4495 (#491270) and CVE-2014-0749 (#510726) |
| 6 |
|
| 7 |
(Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key 4D7043C9) |
| 8 |
|
| 9 |
Revision Changes Path |
| 10 |
1.1 sys-cluster/torque/files/CVE-2014-0749.patch |
| 11 |
|
| 12 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-cluster/torque/files/CVE-2014-0749.patch?rev=1.1&view=markup |
| 13 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-cluster/torque/files/CVE-2014-0749.patch?rev=1.1&content-type=text/plain |
| 14 |
|
| 15 |
Index: CVE-2014-0749.patch |
| 16 |
=================================================================== |
| 17 |
From 3ed749263abe3d69fa3626d142a5789dcb5a5684 Mon Sep 17 00:00:00 2001 |
| 18 |
From: David Beer <dbeer@×××××××××××××××××.com> |
| 19 |
Date: Fri, 23 Aug 2013 15:53:09 -0600 |
| 20 |
Subject: [PATCH] Merge pull request #171 into 2.5-fixes. |
| 21 |
|
| 22 |
--- |
| 23 |
src/lib/Libdis/disrsi_.c | 9 +++++++++ |
| 24 |
1 file changed, 9 insertions(+) |
| 25 |
|
| 26 |
diff --git a/src/lib/Libdis/disrsi_.c b/src/lib/Libdis/disrsi_.c |
| 27 |
index 69edd28..154514c 100644 |
| 28 |
--- a/src/lib/Libdis/disrsi_.c |
| 29 |
+++ b/src/lib/Libdis/disrsi_.c |
| 30 |
@@ -112,6 +112,15 @@ int disrsi_( |
| 31 |
if (dis_umaxd == 0) |
| 32 |
disiui_(); |
| 33 |
|
| 34 |
+ if (count >= dis_umaxd) |
| 35 |
+ { |
| 36 |
+ if (count > dis_umaxd) |
| 37 |
+ goto overflow; |
| 38 |
+ |
| 39 |
+ if (memcmp(scratch, dis_umax, dis_umaxd) > 0) |
| 40 |
+ goto overflow; |
| 41 |
+ } |
| 42 |
+ |
| 43 |
switch (c = (*dis_getc)(stream)) |
| 44 |
{ |
| 45 |
|
| 46 |
-- |
| 47 |
1.8.3.2 |
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
1.1 sys-cluster/torque/files/CVE-2013-4495.patch |
| 53 |
|
| 54 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-cluster/torque/files/CVE-2013-4495.patch?rev=1.1&view=markup |
| 55 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-cluster/torque/files/CVE-2013-4495.patch?rev=1.1&content-type=text/plain |
| 56 |
|
| 57 |
Index: CVE-2013-4495.patch |
| 58 |
=================================================================== |
| 59 |
From 8246d967bbcf174482ef01b1bf4920a5944b1011 Mon Sep 17 00:00:00 2001 |
| 60 |
From: David Beer <dbeer@×××××××××××××××××.com> |
| 61 |
Date: Wed, 13 Nov 2013 10:47:48 -0700 |
| 62 |
Subject: [PATCH] Use Michael Jenning's patch for CVE 2013-4495 instead of the |
| 63 |
original. This one is being used because 2.5 should face the minimal possible |
| 64 |
change. |
| 65 |
|
| 66 |
--- |
| 67 |
src/server/svr_mail.c | 6 ++---- |
| 68 |
1 file changed, 2 insertions(+), 4 deletions(-) |
| 69 |
|
| 70 |
diff --git a/src/server/svr_mail.c b/src/server/svr_mail.c |
| 71 |
index 26b6dd7..241bdfc 100644 |
| 72 |
--- a/src/server/svr_mail.c |
| 73 |
+++ b/src/server/svr_mail.c |
| 74 |
@@ -372,11 +372,9 @@ void svr_mailowner( |
| 75 |
exit(1); |
| 76 |
} |
| 77 |
|
| 78 |
- sprintf(cmdbuf, "%s -f %s %s", |
| 79 |
- |
| 80 |
+ sprintf(cmdbuf, "%s -t -f %s", |
| 81 |
SENDMAIL_CMD, |
| 82 |
- mailfrom, |
| 83 |
- mailto); |
| 84 |
+ mailfrom); |
| 85 |
|
| 86 |
outmail = (FILE *)popen(cmdbuf, "w"); |
| 87 |
|
| 88 |
-- |
| 89 |
1.8.3.2 |
Archives