[Pkg-net-snmp-commits] r246 - branches/net-snmp54/debian/patches
jochen at alioth.debian.org
jochen at alioth.debian.org
Wed Jul 9 13:41:19 UTC 2008
Author: jochen
Date: 2008-07-09 13:41:17 +0000 (Wed, 09 Jul 2008)
New Revision: 246
Added:
branches/net-snmp54/debian/patches/50_cve2008_0960.README
branches/net-snmp54/debian/patches/50_cve2008_0960.patch
Log:
Add upstream change for CVE-2008-0960:
Upstream Changeset 17023: BUG: 1989089: Check for HMAC length
Added: branches/net-snmp54/debian/patches/50_cve2008_0960.README
===================================================================
--- branches/net-snmp54/debian/patches/50_cve2008_0960.README (rev 0)
+++ branches/net-snmp54/debian/patches/50_cve2008_0960.README 2008-07-09 13:41:17 UTC (rev 246)
@@ -0,0 +1 @@
+Upstream Changeset 17023: BUG: 1989089: Check for HMAC length
Added: branches/net-snmp54/debian/patches/50_cve2008_0960.patch
===================================================================
--- branches/net-snmp54/debian/patches/50_cve2008_0960.patch (rev 0)
+++ branches/net-snmp54/debian/patches/50_cve2008_0960.patch 2008-07-09 13:41:17 UTC (rev 246)
@@ -0,0 +1,13 @@
+--- net-snmp-5.4.1/snmplib/scapi.c 2006-09-15 05:47:01.000000000 -0700
++++ net-snmp-5.4.1.1/snmplib/scapi.c 2008-05-13 17:43:17.000000000 -0700
+@@ -563,6 +563,10 @@
+ }
+
+
++ if (maclen != USM_MD5_AND_SHA_AUTH_LEN) {
++ QUITFUN(SNMPERR_GENERR, sc_check_keyed_hash_quit);
++ }
++
+ /*
+ * Generate a full hash of the message, then compare
+ * the result with the given MAC which may shorter than
More information about the Pkg-net-snmp-commits
mailing list