[Debian-iot-maintainers] Bug#994763: ulfius: Fix CVE-2021-40540 in bullseye
Salvatore Bonaccorso
carnil at debian.org
Mon Sep 20 19:42:20 BST 2021
Hi Nicolas,
On Mon, Sep 20, 2021 at 11:43:55AM -0400, Nicolas Mora wrote:
> Source: ulfius
> Version: 2.7.1-1
> Severity: important
> Tags: patch
>
>
>
>
> -- System Information:
> Debian Release: 11.0
> APT prefers stable-updates
> APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
> 'proposed-updates'), (500, 'stable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 5.10.0-8-amd64 (SMP w/4 CPU threads)
> Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE not
> set
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> Description: Fix CVE-2021-40540
> Author: Nicolas Mora <babelouest at debian.org>
> Forwarded: not-needed
> --- a/src/ulfius.c
> +++ b/src/ulfius.c
> @@ -207,6 +207,7 @@
> UNUSED(cls);
>
> if (con_info != NULL) {
> + memset(con_info, 0, sizeof(struct connection_info_struct));
> con_info->callback_first_iteration = 1;
> con_info->u_instance = NULL;
> u_map_init(&con_info->map_url_initial);
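Review bot: the added memset inside the `if (con_info != NULL)` block carries no comment, and the patch header's Description says only "Fix CVE-2021-40540", so nothing in the patch records which members of con_info the zeroing is meant to cover or why the explicit assignments that follow were not enough. A one-line comment above the memset and a sentence in the Description would make the fix auditable for the stable release team. As a style point, `sizeof(*con_info)` would keep the size tied to the pointer's type if the struct is ever renamed, and the `con_info->u_instance = NULL;` assignment two lines below is now redundant (harmless, but it could be dropped or kept deliberately for readability).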
FWIW, it's actually not needed to file a separate bug for the suites in
which you want to fix a bug. So I think we simply can merge #993851
and #994763 as the BTS has version tracking.
Regards,
Salvatore