[Secure-testing-commits] r5690 - in data: . patches/MOPB/php4-etch

[Sean Finney]

Author: seanius
Date: 2007-04-20 23:14:27 +0000 (Fri, 20 Apr 2007)
New Revision: 5690

Modified:
   data/mopb.txt
   data/patches/MOPB/php4-etch/071-CVE-2007-1380-MOPB-10.patch
Log:
fixed mopb 10 patch and add testing info for php4/etch

Modified: data/mopb.txt
===================================================================
--- data/mopb.txt	2007-04-20 21:16:39 UTC (rev 5689)
+++ data/mopb.txt	2007-04-20 23:14:27 UTC (rev 5690)
@@ -176,20 +176,22 @@
 # php4 checklist
 
    Sarge Etch
-41   ?    ?
-35   ?    ?
-34   /    a
-32   a    a 
-30   
-26
-22   a    a
-10   a    a
-04   a    a
+41   ?    x
+35   ?    x
+34   /    t
+32   a    T 
+30        n
+26         
+22   a    t 
+10   a    T <- seemed already fixed but this completes the patch
+04   a    T
 
 ? = more info
 x = fix needed
 * = extracted
 a = patch generated and commited to SVN
+n = didn't seem affected
+t = didn't seem affected, but patch makes sense
 T = code tested
 / = not affected
 

Modified: data/patches/MOPB/php4-etch/071-CVE-2007-1380-MOPB-10.patch
===================================================================
--- data/patches/MOPB/php4-etch/071-CVE-2007-1380-MOPB-10.patch	2007-04-20 21:16:39 UTC (rev 5689)
+++ data/patches/MOPB/php4-etch/071-CVE-2007-1380-MOPB-10.patch	2007-04-20 23:14:27 UTC (rev 5690)
@@ -5,7 +5,7 @@
  		namelen = *p & (~PS_BIN_UNDEF);
 
 -		if (namelen > PS_BIN_MAX || (p + namelen) >= endptr) {
-+		if ((namelen < 0 || namelen > PS_BIN_MAX || (p + namelen) >= endptr) {
++		if (namelen < 0 || namelen > PS_BIN_MAX || (p + namelen) >= endptr) {
  			return FAILURE;
  		}