Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Eray Aslan (eras)" <eras@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in app-crypt/mit-krb5/files: CVE-2014-4343.patch CVE-2014-4344.patch
Date: Fri, 25 Jul 2014 13:40:40
Message-Id: 20140725134034.DE4F52004E@flycatcher.gentoo.org
1 eras 14/07/25 13:40:34
2
3 Added: CVE-2014-4343.patch CVE-2014-4344.patch
4 Log:
5 Security bump - bug #517936
6
7 (Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key 0x77F1F175586A3B1F)
8
9 Revision Changes Path
10 1.1 app-crypt/mit-krb5/files/CVE-2014-4343.patch
11
12 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-crypt/mit-krb5/files/CVE-2014-4343.patch?rev=1.1&view=markup
13 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-crypt/mit-krb5/files/CVE-2014-4343.patch?rev=1.1&content-type=text/plain
14
15 Index: CVE-2014-4343.patch
16 ===================================================================
17 --- a/src/lib/gssapi/spnego/spnego_mech.c
18 +++ b/src/lib/gssapi/spnego/spnego_mech.c
19 @@ -818,7 +818,6 @@ init_ctx_reselect(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc,
20 OM_uint32 tmpmin;
21 size_t i;
22
23 - generic_gss_release_oid(&tmpmin, &sc->internal_mech);
24 gss_delete_sec_context(&tmpmin, &sc->ctx_handle,
25 GSS_C_NO_BUFFER);
26
27
28
29
30
31 1.1 app-crypt/mit-krb5/files/CVE-2014-4344.patch
32
33 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-crypt/mit-krb5/files/CVE-2014-4344.patch?rev=1.1&view=markup
34 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-crypt/mit-krb5/files/CVE-2014-4344.patch?rev=1.1&content-type=text/plain
35
36 Index: CVE-2014-4344.patch
37 ===================================================================
38 --- a/src/lib/gssapi/spnego/spnego_mech.c
39 +++ b/src/lib/gssapi/spnego/spnego_mech.c
40 @@ -1468,7 +1468,7 @@ acc_ctx_cont(OM_uint32 *minstat,
41
42 ptr = bufstart = buf->value;
43 #define REMAIN (buf->length - (ptr - bufstart))
44 - if (REMAIN > INT_MAX)
45 + if (REMAIN == 0 || REMAIN > INT_MAX)
46 return GSS_S_DEFECTIVE_TOKEN;
47
48 /*
Report Message
Find on MARC Find on Google Groups