[Pkg-utopia-commits] r2477 - in /packages/unstable/dbus/debian: changelog patches/CVE-2008-3834.patch

biebl at users.alioth.debian.org
Thu Oct 23 23:47:46 UTC 2008


Author: biebl
Date: Thu Oct 23 23:47:46 2008
New Revision: 2477

URL: http://svn.debian.org/wsvn/pkg-utopia/?sc=1&rev=2477
Log:
* debian/patches/CVE-2008-3834.patch
  - The dbus_signature_validate function in the D-bus library allows
    attackers to cause a denial of service (application abort) via a message
    containing a malformed signature, which triggers a failed assertion
    error. (Closes: #501443)
    Fixes: CVE-2008-3834
  - Urgency high for the security fix.

Added:
    packages/unstable/dbus/debian/patches/CVE-2008-3834.patch
Modified:
    packages/unstable/dbus/debian/changelog

Modified: packages/unstable/dbus/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/unstable/dbus/debian/changelog?rev=2477&op=diff
==============================================================================
--- packages/unstable/dbus/debian/changelog (original)
+++ packages/unstable/dbus/debian/changelog Thu Oct 23 23:47:46 2008
@@ -1,3 +1,15 @@
+dbus (1.2.1-4) UNRELEASED; urgency=high
+
+  * debian/patches/CVE-2008-3834.patch
+    - The dbus_signature_validate function in the D-bus library allows
+      attackers to cause a denial of service (application abort) via a message
+      containing a malformed signature, which triggers a failed assertion
+      error. (Closes: #501443)
+      Fixes: CVE-2008-3834
+    - Urgency high for the security fix.
+
+ -- Michael Biebl <biebl at debian.org>  Fri, 24 Oct 2008 01:40:29 +0200
+
 dbus (1.2.1-3) unstable; urgency=low
 
   * debian/patches/15_dbus_group_parsing.patch
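
Review bot: the new 1.2.1-4 entry restates the CVE description of the flaw ("allows attackers to cause a denial of service") in the present tense and never says what the patch changes, so a reader of the changelog alone cannot tell whether this version is fixed or affected. Suggest wording it as a fix, for example "Fix denial of service (application abort) in dbus_signature_validate on a malformed signature", and keeping the Closes: and Fixes: references as they are.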

Added: packages/unstable/dbus/debian/patches/CVE-2008-3834.patch
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/unstable/dbus/debian/patches/CVE-2008-3834.patch?rev=2477&op=file
==============================================================================
--- packages/unstable/dbus/debian/patches/CVE-2008-3834.patch (added)
+++ packages/unstable/dbus/debian/patches/CVE-2008-3834.patch Thu Oct 23 23:47:46 2008
@@ -1,0 +1,25 @@
+diff --git a/dbus/dbus-marshal-validate-util.c b/dbus/dbus-marshal-validate-util.c
+index f2901d7..5365d6d 100644
+--- a/dbus/dbus-marshal-validate-util.c
++++ dbus-1.0.2/dbus/dbus-marshal-validate-util.c
+@@ -228,6 +228,7 @@ _dbus_marshal_validate_test (void)
+     "123",
+     ".",
+     "("
++    "a{(ii)i}" /* https://bugs.freedesktop.org/show_bug.cgi?id=17803 */
+   };
+ 
+   /* Signature with reason */
+diff --git a/dbus/dbus-marshal-validate.c b/dbus/dbus-marshal-validate.c
+index e63a463..b24b5bc 100644
+--- a/dbus/dbus-marshal-validate.c
++++ dbus-1.0.2/dbus/dbus-marshal-validate.c
+@@ -247,6 +247,7 @@ _dbus_validate_signature_with_reason (const DBusString *type_str,
+         }
+ 
+       if (last == DBUS_DICT_ENTRY_BEGIN_CHAR &&
++          _dbus_type_is_valid (*p) &&
+           !dbus_type_is_basic (*p))
+         {
+           result = DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE;
+
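
Review bot: in the dbus-marshal-validate-util.c part, the context line "(" has no trailing comma, so the added "a{(ii)i}" literal is joined to it by C adjacent-string concatenation and the table ends with the single entry "(a{(ii)i}" instead of gaining a separate test case for the bug 17803 signature. Add a comma after "(" so the regression signature is validated on its own. In the dbus-marshal-validate.c part, the added "_dbus_type_is_valid (*p) &&" line skips the dict-key check for an invalid type code, and nothing in the visible lines shows where such a key is rejected afterwards; a short comment saying which later check reports it, and that this guard is what keeps dbus_type_is_basic from being called on an invalid code, would make the fix reviewable. The inner headers also mix "--- a/dbus/..." with "+++ dbus-1.0.2/dbus/..." while the changelog places this in 1.2.1-4; making the two paths consistent would remove any doubt about the strip level.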