pkgsrc-Bugs archive
pkg/46519: [Patch]sysutils/ups-nut: a security patch for CVE-2012-2944
>Number: 46519
>Category: pkg
>Synopsis: [Patch]sysutils/ups-nut: a security patch for CVE-2012-2944
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Jun 02 15:20:01 +0000 2012
>Originator: wen heping
>Release: NetBSD-5.1.2
>Organization:
netbsd
>Environment:
>Description:
Apply a patch from upstream to fix CVE-2012-2944:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2944
>How-To-Repeat:
>Fix:
Index: Makefile.common
===================================================================
RCS file: /cvsroot/pkgsrc/sysutils/ups-nut/Makefile.common,v
retrieving revision 1.3
diff -u -p -r1.3 Makefile.common
--- Makefile.common 29 Jul 2011 15:11:40 -0000 1.3
+++ Makefile.common 2 Jun 2012 15:09:46 -0000
@@ -6,6 +6,7 @@
# used by sysutils/p5-ups-nut/Makefile
DISTNAME= nut-2.6.1
+PKGREVISION= 1
CATEGORIES= sysutils
MASTER_SITES= http://www.networkupstools.org/source/2.6/
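Review bot: PKGREVISION= 1 is added in Makefile.common, which the comment at the top of this hunk says is also used by sysutils/p5-ups-nut/Makefile, so the bump applies to every package that includes this file, not only the one that compiles common/parseconf.c. If the other package does not build the patched source, set PKGREVISION in the Makefile of the affected package instead; if it does, say in the commit message that the shared bump is intentional.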
Index: distinfo
===================================================================
RCS file: /cvsroot/pkgsrc/sysutils/ups-nut/distinfo,v
retrieving revision 1.27
diff -u -p -r1.27 distinfo
--- distinfo 29 Jul 2011 15:11:40 -0000 1.27
+++ distinfo 2 Jun 2012 15:09:46 -0000
@@ -6,3 +6,4 @@ Size (nut-2.6.1.tar.gz) = 1776645 bytes
SHA1 (patch-aa) = 53825abe2f7c6f5285a73edd5e990518bb8d0c84
SHA1 (patch-ab) = 2321e8c5a53c0a6fb2e227b4a5ffc2793641f7bf
SHA1 (patch-ac) = d0f31a48d35c66f5c0405b4a40799769ed0930f6
+SHA1 (patch-ad) = 429f6c04ebbd1a1e6f16243f551def4bcb393493
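Review bot: the new SHA1 (patch-ad) entry cannot be checked against the patch as posted, because the body of patches/patch-ad in this mail has two lines wrapped (the closing */ of the comment and the tail of the fprintf format string). Whoever commits this should restore those lines and regenerate the distinfo entry from the file actually committed rather than copying this value.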
Index: patches/patch-ad
===================================================================
RCS file: patches/patch-ad
diff -N patches/patch-ad
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-ad 2 Jun 2012 15:09:46 -0000
@@ -0,0 +1,17 @@
+$NetBSD$
+
+--- common/parseconf.c.orig 2012-06-02 22:51:52.000000000 +0000
++++ common/parseconf.c
+@@ -171,6 +171,12 @@ static void addchar(PCONF_CTX_t *ctx)
+
+ wbuflen = strlen(ctx->wordbuf);
+
++ /* CVE-2012-2944: only allow the subset Ascii charset from Space to ~
*/
++ if ((ctx->ch < 0x20) || (ctx->ch > 0x7f)) {
++ fprintf(stderr, "addchar: discarding invalid character
(0x%02x)!\n",ctx->ch);
++ return;
++ }
++
+ if (ctx->wordlen_limit != 0) {
+ if (wbuflen >= ctx->wordlen_limit) {
+
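Review bot: the upper bound in the added addchar() check does not match its comment. The comment gives the allowed range as Space to ~, and ~ is 0x7e, but the test `ctx->ch > 0x7f` still accepts 0x7f (DEL). Either test `ctx->ch > 0x7e` or change the comment to say that DEL is allowed on purpose. The type of ctx->ch is not visible in this hunk; if it is a plain char, cast it to unsigned char before passing it to %02x so that bytes above 0x7f are not printed sign-extended. The new patch file also has no description between $NetBSD$ and the first --- line; add one or two lines there stating what the patch fixes and that it comes from upstream.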