Subject: CVS commit: pkgsrc/devel/cscope
To: None <pkgsrc-changes@NetBSD.org>
From: Lubomir Sedlacik <salo@netbsd.org>
List: pkgsrc-changes
Date: 08/24/2006 22:02:02
Module Name: pkgsrc
Committed By: salo
Date: Thu Aug 24 22:02:02 UTC 2006
Modified Files:
pkgsrc/devel/cscope: Makefile distinfo
pkgsrc/devel/cscope/patches: patch-aa patch-ae patch-af patch-ag
patch-ah patch-ai patch-aj
Added Files:
pkgsrc/devel/cscope/patches: patch-ap
Log Message:
Security fix for SA21601:

"Will Drewry has reported some vulnerabilities in Cscope, which
potentially can be exploited by malicious people to compromise
a vulnerable system.

1) Various boundary errors within the parsing of file lists or
   the expansion of environment variables can be exploited to
   cause stack-based buffer overflows when parsing specially
   crafted "cscope.lists" files or directories.

2) A boundary error within the parsing of command line arguments
   can be exploited to cause a stack-based buffer overflow when
   supplying an overly long "reffile" argument.

Successful exploitation may allow execution of arbitrary code."

Patches adapted from cscope CVS. Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -r1.44 -r1.45 pkgsrc/devel/cscope/Makefile
cvs rdiff -r1.14 -r1.15 pkgsrc/devel/cscope/distinfo
cvs rdiff -r1.10 -r1.11 pkgsrc/devel/cscope/patches/patch-aa
cvs rdiff -r1.8 -r1.9 pkgsrc/devel/cscope/patches/patch-ae
cvs rdiff -r1.7 -r1.8 pkgsrc/devel/cscope/patches/patch-af
cvs rdiff -r1.4 -r1.5 pkgsrc/devel/cscope/patches/patch-ag \
pkgsrc/devel/cscope/patches/patch-ah pkgsrc/devel/cscope/patches/patch-ai
cvs rdiff -r1.2 -r1.3 pkgsrc/devel/cscope/patches/patch-aj
cvs rdiff -r0 -r1.1 pkgsrc/devel/cscope/patches/patch-ap
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
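
The boundary errors quoted in the log message come from copying file-list entries, expanded environment variables and command line arguments into fixed-size stack buffers without a length check. The sketch below is an added example, not code from cscope or from the patches in this commit: it expands $NAME in one file-list entry into a caller-supplied buffer and rejects input that does not fit instead of writing past the end. The names expand_entry and put and the 64-byte variable-name limit are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not cscope's code): append n bytes of src to out
 * at *pos, refusing rather than writing past out[outsz - 1]. */
static int put(char *out, size_t outsz, size_t *pos, const char *src, size_t n)
{
    if (n >= outsz - *pos)          /* always keep one byte for the NUL */
        return -1;
    memcpy(out + *pos, src, n);
    *pos += n;
    out[*pos] = '\0';
    return 0;
}

/* Copy one file-list entry into out, expanding $NAME from the environment.
 * Returns 0 on success, -1 if the expanded text does not fit (no truncation). */
int expand_entry(const char *in, char *out, size_t outsz)
{
    size_t pos = 0;
    if (outsz == 0)
        return -1;
    out[0] = '\0';
    while (*in != '\0') {
        if (*in == '$' && (isalpha((unsigned char)in[1]) || in[1] == '_')) {
            char name[64];          /* assumed limit on variable names */
            size_t len = 0;
            const char *val;
            in++;
            while (isalnum((unsigned char)in[len]) || in[len] == '_')
                len++;
            if (len >= sizeof(name))    /* the name itself is too long */
                return -1;
            memcpy(name, in, len);
            name[len] = '\0';
            in += len;
            val = getenv(name);     /* unset variables expand to nothing */
            if (val != NULL && put(out, outsz, &pos, val, strlen(val)) != 0)
                return -1;
        } else {
            if (put(out, outsz, &pos, in, 1) != 0)
                return -1;
            in++;
        }
    }
    return 0;
}
```

The same reject-on-overflow check applies to a path taken from the command line, such as the "reffile" argument: compare its length against the destination size before copying.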