Subject: CVS commit: pkgsrc/sysutils/coreutils
To: None <pkgsrc-changes@NetBSD.org>
From: Marc Recht <recht@netbsd.org>
List: pkgsrc-changes
Date: 11/05/2003 00:05:06
Module Name:	pkgsrc
Committed By:	recht
Date:		Wed Nov  5 00:05:06 UTC 2003

Modified Files:
	pkgsrc/sysutils/coreutils: Makefile distinfo
Added Files:
	pkgsrc/sysutils/coreutils/patches: patch-ab patch-ac

Log Message:
Fix two security issues:

1.)
An integer overflow in ls in the fileutils or coreutils packages may allow
local users to cause a denial of service or execute arbitrary code via a
large -w value, which could be remotely exploited via applications that use
ls, such as wu-ftpd.

2.)
ls in the fileutils or coreutils packages allows local users to consume a
large amount of memory via a large -w value, which can be remotely exploited
via applications that use ls, such as wu-ftpd.

See
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0853
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0854
and the original report
http://www.guninski.com/binls.html
for details.

Patches taken from Red Hat's Security Advisory RHSA-2003:309-01.

reported by reed@
bump PKGREVISION


To generate a diff of this commit:
cvs rdiff -r1.11 -r1.12 pkgsrc/sysutils/coreutils/Makefile
cvs rdiff -r1.1.1.1 -r1.2 pkgsrc/sysutils/coreutils/distinfo
cvs rdiff -r0 -r1.1 pkgsrc/sysutils/coreutils/patches/patch-ab \
    pkgsrc/sysutils/coreutils/patches/patch-ac

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
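The two issues in the log message share one root cause: a user-supplied `-w` width flows into size arithmetic and allocation without a range check. The following C program is an added example written for this page; it is not the pkgsrc patch nor coreutils code, and the function names and the `MAX_LINE_LENGTH` / `MIN_COLUMN_WIDTH` constants are assumptions chosen for illustration. It shows the defensive pattern: parse the width strictly, bound it before any size computation, and check the multiplication that sizes the column table so neither a wraparound nor a huge allocation can result.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_LINE_LENGTH 4096   /* assumed cap on a sane terminal width */
#define MIN_COLUMN_WIDTH 3     /* assumed minimum width of one output column */

/* Parse a "-w WIDTH" argument. Returns the width, or -1 when the argument is
   not a plain decimal number, does not fit in an unsigned long, or exceeds
   MAX_LINE_LENGTH. The bound is applied before the value reaches any
   allocation-size arithmetic. */
long parse_width(const char *arg)
{
    if (arg == NULL || !isdigit((unsigned char)arg[0]))
        return -1;                       /* rejects "", "-5", "+5", " 5" */
    char *end;
    errno = 0;
    unsigned long v = strtoul(arg, &end, 10);
    if (*end != '\0' || errno == ERANGE)
        return -1;                       /* trailing junk or out of range */
    if (v > MAX_LINE_LENGTH)
        return -1;                       /* too wide to be a real terminal */
    return (long)v;
}

/* Bytes needed for a table with one entry per possible column. The
   multiplication is checked explicitly; returns 0 if it would overflow. */
size_t column_table_bytes(size_t line_length)
{
    size_t entries = line_length / MIN_COLUMN_WIDTH;
    if (entries == 0)
        entries = 1;
    if (entries > SIZE_MAX / sizeof(size_t))
        return 0;                        /* entries * sizeof(size_t) would wrap */
    return entries * sizeof(size_t);
}

/* Allocate the column table only for a width that passed parse_width(). */
size_t *alloc_column_table(long width)
{
    if (width < 0)
        return NULL;
    size_t bytes = column_table_bytes((size_t)width);
    if (bytes == 0)
        return NULL;
    return calloc(1, bytes);
}

int main(int argc, char **argv)
{
    /* Constructed default input: a value far beyond any real width. */
    const char *arg = argc > 1 ? argv[1] : "99999999999999999999";
    long width = parse_width(arg);
    if (width < 0) {
        fprintf(stderr, "invalid -w value: %s\n", arg);
        return 1;
    }
    size_t *table = alloc_column_table(width);
    if (table == NULL) {
        fprintf(stderr, "cannot size column table for width %ld\n", width);
        return 1;
    }
    printf("width %ld -> column table of %zu bytes\n",
           width, column_table_bytes((size_t)width));
    free(table);
    return 0;
}
```

Run it with a width as the first argument (for example `./a.out 80`); without an argument it uses a constructed oversized value and exits with an error instead of attempting the allocation. The two checks are deliberately separate: the range check on the parsed option stops the memory-consumption case, and the overflow check on the size multiplication stops the wraparound case even if a caller passes a width that did not come through `parse_width()`.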