author | tron <tron@pkgsrc.org> | 2013-08-21 21:59:57 +0000 |
---|---|---|
committer | tron <tron@pkgsrc.org> | 2013-08-21 21:59:57 +0000 |
commit | 2f7d76600fb79248ebc8d0c5a2651dc8a9fc597f (patch) | |
tree | 508a93d45c68a2e32e5904212316489c53920917 /net/filezilla/patches/patch-CVE-2013-4852-3 | |
parent | 4d539bcd2e4010d204ba676f77b8b12f3ce77ae3 (diff) | |
download | pkgsrc-2f7d76600fb79248ebc8d0c5a2651dc8a9fc597f.tar.gz |
Pullup ticket #4217 - requested by drochner
net/filezilla: security update
Revisions pulled up:
- net/filezilla/Makefile 1.44-1.45
- net/filezilla/PLIST 1.10
- net/filezilla/distinfo 1.17-1.18
- net/filezilla/patches/patch-CVE-2013-4206 1.1
- net/filezilla/patches/patch-CVE-2013-4208 1.1
- net/filezilla/patches/patch-CVE-2013-4852-1 deleted
- net/filezilla/patches/patch-CVE-2013-4852-2 deleted
- net/filezilla/patches/patch-CVE-2013-4852-3 deleted
- net/filezilla/patches/patch-aa deleted
---
Module Name: pkgsrc
Committed By: drochner
Date: Tue Aug 6 12:55:10 UTC 2013
Modified Files:
pkgsrc/net/filezilla: Makefile distinfo
Added Files:
pkgsrc/net/filezilla/patches: patch-CVE-2013-4852-1
patch-CVE-2013-4852-2 patch-CVE-2013-4852-3
Log Message:
apply patches from pkgsrc/security/putty to fix embedded sftp client
bump PKGREV
---
Module Name: pkgsrc
Committed By: drochner
Date: Wed Aug 7 16:48:49 UTC 2013
Modified Files:
pkgsrc/net/filezilla: Makefile PLIST distinfo
Added Files:
pkgsrc/net/filezilla/patches: patch-CVE-2013-4206
patch-CVE-2013-4208
Removed Files:
pkgsrc/net/filezilla/patches: patch-CVE-2013-4852-1
patch-CVE-2013-4852-2 patch-CVE-2013-4852-3 patch-aa
Log Message:
update to 3.7.2
This is a major update, many fixes and improvements.
Main reason for the update was to sync the embedded sftp client
with putty after fixes for vulnerabilities.
Diffstat (limited to 'net/filezilla/patches/patch-CVE-2013-4852-3')
-rw-r--r-- | net/filezilla/patches/patch-CVE-2013-4852-3 | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/net/filezilla/patches/patch-CVE-2013-4852-3 b/net/filezilla/patches/patch-CVE-2013-4852-3 new file mode 100644 index 00000000000..0db5916dbc3 --- /dev/null +++ b/net/filezilla/patches/patch-CVE-2013-4852-3 @@ -0,0 +1,13 @@ +$NetBSD: patch-CVE-2013-4852-3,v 1.2.2.2 2013/08/21 21:59:57 tron Exp $ + +--- src/putty/import.c.orig 2008-02-22 03:00:11.000000000 +0000 ++++ src/putty/import.c +@@ -290,7 +290,7 @@ static int ssh2_read_mpint(void *data, i + if (len < 4) + goto error; + bytes = GET_32BIT(d); +- if (len < 4+bytes) ++ if (bytes < 0 || len-4 < bytes) + goto error; + + ret->start = d + 4; |
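Review bot: The replacement test `if (bytes < 0 || len-4 < bytes)` in ssh2_read_mpint only works if `bytes` is a signed type, so that a large 32-bit value returned by `GET_32BIT(d)` appears negative; the declaration is outside the hunk and nothing in the change documents that dependency. A short comment above the check would help: it should say that `len-4` cannot go negative because of the preceding `if (len < 4)` guard, and that the subtraction form replaces `4+bytes` so the sum cannot overflow on a length read from the input data. That would keep a later cleanup from restoring the old expression. Alternatively, hold the length in an unsigned variable and compare it against `len - 4` converted to unsigned, which makes the sign test unnecessary. The patch file also has only the `$NetBSD$` line ahead of the diff; a one-line description naming CVE-2013-4852 and its origin in pkgsrc/security/putty would make the purpose clear to whoever next touches the package.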