[Pkg-utopia-commits] r2474 - in /packages/etch/dbus/debian: changelog patches/CVE-2008-3834.patch

biebl at users.alioth.debian.org
Thu Oct 23 22:56:10 UTC 2008


Author: biebl
Date: Thu Oct 23 22:56:09 2008
New Revision: 2474

URL: http://svn.debian.org/wsvn/pkg-utopia/?sc=1&rev=2474
Log:
Import security update by Steffen Joeris

The dbus_signature_validate function does not validate properly,
which could be used to perform a DoS (Closes: #501443)
Fixes: CVE-2008-3834


Added:
    packages/etch/dbus/debian/patches/CVE-2008-3834.patch
Modified:
    packages/etch/dbus/debian/changelog

Modified: packages/etch/dbus/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/etch/dbus/debian/changelog?rev=2474&op=diff
==============================================================================
--- packages/etch/dbus/debian/changelog (original)
+++ packages/etch/dbus/debian/changelog Thu Oct 23 22:56:09 2008
@@ -1,3 +1,12 @@
+dbus (1.0.2-1+etch2) stable-security; urgency=high
+
+  * Non-maintainer upload by the security team
+  * The dbus_signature_validate function does not validate properly,
+    which could be used to perform a DoS (Closes: #501443)
+    Fixes: CVE-2008-3834
+
+ -- Steffen Joeris <white at debian.org>  Tue, 21 Oct 2008 10:25:43 +0000
+
 dbus (1.0.2-1+etch1) stable-security; urgency=high
 
   * Fix CVE-2008-0595
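Review bot: the new 1.0.2-1+etch2 entry says only that dbus_signature_validate "does not validate properly" and never names the file that carries the fix. Suggest adding a line such as "debian/patches/CVE-2008-3834.patch: new" and the upstream bug the patch itself cites (bugs.freedesktop.org id 17803), so a reader of the changelog can trace the entry to the code change without going through the commit log.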

Added: packages/etch/dbus/debian/patches/CVE-2008-3834.patch
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/etch/dbus/debian/patches/CVE-2008-3834.patch?rev=2474&op=file
==============================================================================
--- packages/etch/dbus/debian/patches/CVE-2008-3834.patch (added)
+++ packages/etch/dbus/debian/patches/CVE-2008-3834.patch Thu Oct 23 22:56:09 2008
@@ -1,0 +1,25 @@
+diff --git a/dbus/dbus-marshal-validate-util.c b/dbus/dbus-marshal-validate-util.c
+index f2901d7..5365d6d 100644
+--- a/dbus/dbus-marshal-validate-util.c
++++ dbus-1.0.2/dbus/dbus-marshal-validate-util.c
+@@ -228,6 +228,7 @@ _dbus_marshal_validate_test (void)
+     "123",
+     ".",
+     "("
++    "a{(ii)i}" /* https://bugs.freedesktop.org/show_bug.cgi?id=17803 */
+   };
+ 
+   /* Signature with reason */
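Review bot: the added test string follows `"("` with no comma between them, so the C compiler concatenates the two adjacent literals into the single array entry "(a{(ii)i}". That entry starts with an unclosed parenthesis and is invalid for that reason alone, which means the signature from bug 17803 is never passed to the validator on its own and the regression this line is meant to cover is not tested. Suggest `"(",` on the preceding line (and a trailing comma after the new entry so the next addition cannot repeat the problem).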
+diff --git a/dbus/dbus-marshal-validate.c b/dbus/dbus-marshal-validate.c
+index e63a463..b24b5bc 100644
+--- a/dbus/dbus-marshal-validate.c
++++ dbus-1.0.2/dbus/dbus-marshal-validate.c
+@@ -247,6 +247,7 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
+         }
+ 
+       if (last == DBUS_DICT_ENTRY_BEGIN_CHAR &&
++          _dbus_type_is_valid (*p) &&
+           !dbus_type_is_basic (*p))
+         {
+           result = DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE;
+
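Review bot: with the added `_dbus_type_is_valid (*p) &&` guard, a character after DBUS_DICT_ENTRY_BEGIN_CHAR that is not a valid type code no longer reaches `dbus_type_is_basic (*p)`, but it also no longer produces DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE, and nothing in this hunk shows where such a key is rejected instead. Please confirm that a signature like "a{(ii)i}" still comes back invalid after this change, and add a short comment above the condition saying why the validity check has to come first; the test entry added in dbus-marshal-validate-util.c should be what proves this, so it needs to exercise that exact string.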



