[Pkg-gnutls-commits] r1364 - in /packages/gnutls26/branches/branch2.8.6-squeeze/debian: changelog patches/20_CVE-2011-4128.part1.diff patches/20_CVE-2011-4128.part2.diff patches/series

ametzler at users.alioth.debian.org ametzler at users.alioth.debian.org
Thu Dec 22 17:54:26 UTC 2011


Author: ametzler
Date: Thu Dec 22 17:54:25 2011
New Revision: 1364

URL: http://svn.debian.org/wsvn/pkg-gnutls/?sc=1&rev=1364
Log:
Pull fixes for buffer overflow in gnutls_session_get_data() from upstream git. (CVE-2011-4128: GNUTLS-SA-2011-2) Closes: #648441

Added:
    packages/gnutls26/branches/branch2.8.6-squeeze/debian/patches/20_CVE-2011-4128.part1.diff
    packages/gnutls26/branches/branch2.8.6-squeeze/debian/patches/20_CVE-2011-4128.part2.diff
Modified:
    packages/gnutls26/branches/branch2.8.6-squeeze/debian/changelog
    packages/gnutls26/branches/branch2.8.6-squeeze/debian/patches/series

Modified: packages/gnutls26/branches/branch2.8.6-squeeze/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/branches/branch2.8.6-squeeze/debian/changelog?rev=1364&op=diff
==============================================================================
--- packages/gnutls26/branches/branch2.8.6-squeeze/debian/changelog (original)
+++ packages/gnutls26/branches/branch2.8.6-squeeze/debian/changelog Thu Dec 22 17:54:25 2011
@@ -1,3 +1,11 @@
+gnutls26 (2.8.6-1+squeeze1) stable; urgency=low
+
+  * Pull fixes for buffer overflow in gnutls_session_get_data() from upstream
+    git. (CVE-2011-4128: GNUTLS-SA-2011-2) Closes: #648441
+    20_CVE-2011-4128.part1.diff 20_CVE-2011-4128.part2.diff
+
+ -- Andreas Metzler <ametzler at debian.org>  Thu, 22 Dec 2011 18:07:26 +0100
+
 gnutls26 (2.8.6-1) unstable; urgency=low
 
   * Use dh_lintian.

Added: packages/gnutls26/branches/branch2.8.6-squeeze/debian/patches/20_CVE-2011-4128.part1.diff
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/branches/branch2.8.6-squeeze/debian/patches/20_CVE-2011-4128.part1.diff?rev=1364&op=file
==============================================================================
--- packages/gnutls26/branches/branch2.8.6-squeeze/debian/patches/20_CVE-2011-4128.part1.diff (added)
+++ packages/gnutls26/branches/branch2.8.6-squeeze/debian/patches/20_CVE-2011-4128.part1.diff Thu Dec 22 17:54:25 2011
@@ -1,0 +1,44 @@
+From 190cef6eed37d0e73a73c1e205eb31d45ab60a3c Mon Sep 17 00:00:00 2001
+From: Alban Crequy <alban.crequy at collabora.co.uk>
+Date: Mon, 7 Nov 2011 18:51:27 +0000
+Subject: [PATCH] gnutls_session_get_data: fix possible buffer overflow
+
+The test to avoid the buffer overflow was always false because
+session_data_size was set at the wrong place. This problem has been introduced
+by this commit:
+
+|commit ad4ed44c65e753e6d3a00104c049dd81826ccbf3
+|Author: Nikos Mavrogiannopoulos <nmav at gnutls.org>
+|Date:   Mon Nov 7 22:24:48 2005 +0000
+|
+|    This is the initial commit in the 1.3 branch. Ported from the PSK branch:
+|    * PSK ciphersuites have been added.
+|    * The session resumption data are now system independent.
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav at gnutls.org>
+---
+ lib/gnutls_session.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/lib/gnutls_session.c b/lib/gnutls_session.c
+index 8028d5a..418a2ba 100644
+--- a/lib/gnutls_session.c
++++ b/lib/gnutls_session.c
+@@ -63,13 +63,13 @@ gnutls_session_get_data (gnutls_session_t session,
+       gnutls_assert ();
+       return ret;
+     }
+-  *session_data_size = psession.size;
+ 
+   if (psession.size > *session_data_size)
+     {
+       ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
+       goto error;
+     }
++  *session_data_size = psession.size;
+ 
+   if (session_data != NULL)
+     memcpy (session_data, psession.data, psession.size);
+-- 
+1.7.2.5
+

Added: packages/gnutls26/branches/branch2.8.6-squeeze/debian/patches/20_CVE-2011-4128.part2.diff
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/branches/branch2.8.6-squeeze/debian/patches/20_CVE-2011-4128.part2.diff?rev=1364&op=file
==============================================================================
--- packages/gnutls26/branches/branch2.8.6-squeeze/debian/patches/20_CVE-2011-4128.part2.diff (added)
+++ packages/gnutls26/branches/branch2.8.6-squeeze/debian/patches/20_CVE-2011-4128.part2.diff Thu Dec 22 17:54:25 2011
@@ -1,0 +1,24 @@
+From e82ef4545e9e98cbcb032f55d7c750b81e3a0450 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav at gnutls.org>
+Date: Tue, 8 Nov 2011 07:52:56 +0100
+Subject: [PATCH] bug fix in gnutls_session_get_data().
+
+---
+ lib/gnutls_session.c |    1 +
+ 1 files changed, 1 insertions(+), 0 deletions(-)
+
+diff --git a/lib/gnutls_session.c b/lib/gnutls_session.c
+index 418a2ba..fd012fe 100644
+--- a/lib/gnutls_session.c
++++ b/lib/gnutls_session.c
+@@ -66,6 +66,7 @@ gnutls_session_get_data (gnutls_session_t session,
+ 
+   if (psession.size > *session_data_size)
+     {
++      *session_data_size = psession.size;
+       ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
+       goto error;
+     }
+-- 
+1.7.2.5
+

Modified: packages/gnutls26/branches/branch2.8.6-squeeze/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/branches/branch2.8.6-squeeze/debian/patches/series?rev=1364&op=diff
==============================================================================
--- packages/gnutls26/branches/branch2.8.6-squeeze/debian/patches/series (original)
+++ packages/gnutls26/branches/branch2.8.6-squeeze/debian/patches/series Thu Dec 22 17:54:25 2011
@@ -1,3 +1,5 @@
 14_version_gettextcat.diff
 15_fixgnutlspc.diff
 16_unnecessarydep.diff
+20_CVE-2011-4128.part1.diff
+20_CVE-2011-4128.part2.diff




More information about the Pkg-gnutls-commits mailing list