[Pkg-openssl-changes] r542 - in openssl/branches/squeeze/debian: . patches
Kurt Roeckx
kroeckx at alioth.debian.org
Sat Mar 17 14:56:44 UTC 2012
Author: kroeckx
Date: 2012-03-17 14:56:44 +0000 (Sat, 17 Mar 2012)
New Revision: 542
Added:
openssl/branches/squeeze/debian/patches/CVE-2012-1165.patch
Modified:
openssl/branches/squeeze/debian/changelog
openssl/branches/squeeze/debian/patches/series
Log:
Fix CVE-2012-1165
Modified: openssl/branches/squeeze/debian/changelog
===================================================================
--- openssl/branches/squeeze/debian/changelog 2012-03-17 13:59:04 UTC (rev 541)
+++ openssl/branches/squeeze/debian/changelog 2012-03-17 14:56:44 UTC (rev 542)
@@ -1,3 +1,9 @@
+openssl (0.9.8o-4squeeze9) squeeze-security; urgency=low
+
+ * Fix CVE-2012-1165
+
+ -- Kurt Roeckx <kurt at roeckx.be> Sat, 17 Mar 2012 15:56:07 +0100
+
openssl (0.9.8o-4squeeze8) squeeze-security; urgency=low
* Fix CVE-2012-0884
Added: openssl/branches/squeeze/debian/patches/CVE-2012-1165.patch
===================================================================
--- openssl/branches/squeeze/debian/patches/CVE-2012-1165.patch (rev 0)
+++ openssl/branches/squeeze/debian/patches/CVE-2012-1165.patch 2012-03-17 14:56:44 UTC (rev 542)
@@ -0,0 +1,26 @@
+Index: openssl/crypto/asn1/asn_mime.c
+RCS File: /v/openssl/cvs/openssl/crypto/asn1/asn_mime.c,v
+rcsdiff -q -kk '-r1.7' '-r1.8' -u '/v/openssl/cvs/openssl/crypto/asn1/asn_mime.c,v' 2>/dev/null
+--- asn_mime.c 2012/02/29 14:02:02 1.7
++++ asn_mime.c 2012/03/12 16:32:19 1.8
+@@ -862,9 +862,8 @@
+ static int mime_hdr_cmp(const MIME_HEADER * const *a,
+ const MIME_HEADER * const *b)
+ {
+- if ((*a)->name == NULL || (*b)->name == NULL)
+- return (*a)->name - (*b)->name < 0 ? -1 :
+- (*a)->name - (*b)->name > 0 ? 1 : 0;
++ if (!(*a)->name || !(*b)->name)
++ return !!(*a)->name - !!(*b)->name;
+
+ return(strcmp((*a)->name, (*b)->name));
+ }
+@@ -872,6 +871,8 @@
+ static int mime_param_cmp(const MIME_PARAM * const *a,
+ const MIME_PARAM * const *b)
+ {
++ if (!(*a)->param_name || !(*b)->param_name)
++ return !!(*a)->param_name - !!(*b)->param_name;
+ return(strcmp((*a)->param_name, (*b)->param_name));
+ }
+
Modified: openssl/branches/squeeze/debian/patches/series
===================================================================
--- openssl/branches/squeeze/debian/patches/series 2012-03-17 13:59:04 UTC (rev 541)
+++ openssl/branches/squeeze/debian/patches/series 2012-03-17 14:56:44 UTC (rev 542)
@@ -34,3 +34,4 @@
dtls-fragment-alert.patch
CVE-2012-0050.patch
CVE-2012-0884.patch
+CVE-2012-1165.patch
More information about the Pkg-openssl-changes
mailing list