Hello community, here is the log from the commit of package pan checked in at Tue Jun 3 16:29:57 CEST 2008. -------- --- GNOME/pan/pan.changes 2008-04-07 12:48:04.000000000 +0200 +++ /mounts/work_src_done/STABLE/pan/pan.changes 2008-05-30 07:29:07.098720000 +0200 @@ -1,0 +2,6 @@ +Fri May 30 07:28:35 CEST 2008 - drahn@suse.de + +- fix for heap overflow (bnc#395452) + CVE-2008-2363 + +------------------------------------------------------------------- New: ---- bnc395452-sortfix.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pan.spec ++++++ --- /var/tmp/diff_new_pack.ZH6647/_old 2008-06-03 16:29:20.000000000 +0200 +++ /var/tmp/diff_new_pack.ZH6647/_new 2008-06-03 16:29:20.000000000 +0200 @@ -17,12 +17,13 @@ Group: Productivity/Networking/News/Clients AutoReqProv: on Version: 0.132 -Release: 94 +Release: 118 Source0: ftp://source.rebelbase.com/pub/pan/pan-%{version}.tar.bz2 Patch: fix-desktop-file.diff Patch1: pan-gcc-4.3.diff Patch2: fix-desktop-file-11.0.diff Patch3: pan-glib_compat.diff +Patch4: bnc395452-sortfix.diff Requires: xf86tools BuildRoot: %{_tmppath}/%{name}-%{version}-build Url: http://pan.rebelbase.com/ @@ -55,6 +56,7 @@ %patch2 %endif %patch3 -p1 +%patch4 -p1 %build %configure @@ -79,6 +81,9 @@ %files lang -f %{name}.lang %changelog +* Fri May 30 2008 drahn@suse.de +- fix for heap overflow (bnc#395452) + CVE-2008-2363 * Mon Apr 07 2008 drahn@suse.de - add glib compat layer to abstract glib API obsoletes previous g_assert centric patch ++++++ bnc395452-sortfix.diff ++++++ diff -ur --exclude 'config*' --exclude '*desktop' --exclude '*list' pan-0.132.inc/pan/data/parts.cc pan-0.132/pan/data/parts.cc --- pan-0.132.inc/pan/data/parts.cc 2007-08-01 13:00:01.000000000 -0400 +++ pan-0.132/pan/data/parts.cc 2008-05-27 22:27:03.000000000 -0400 @@ -303,8 +303,7 @@ this->n_parts_total = n_parts_total; this->n_parts_found = 0; // they haven't been added yet - if (n_parts_found > parts.size()) - parts.resize (n_parts_found); + parts.clear(); } void @@ -312,21 +311,10 @@ const StringView & mid, bytes_t bytes) { - if (n_parts_found >= parts.size()) - parts.resize (n_parts_found+1); - - Part& p = *(&parts.front() + n_parts_found++); - p.number = number; - p.bytes = bytes; Packer packer; pack_message_id (packer, mid, reference_mid); - p.len_used = packer.size (); - if (p.len_alloced < p.len_used) { - delete [] p.packed_mid; - p.packed_mid = new char [p.len_used]; - p.len_alloced = p.len_used; - } + Part p(number,bytes,packer.size()); packer.pack (p.packed_mid); packed_mids_len += p.len_used; @@ -337,8 +325,9 @@ assert (mid == tmp); #endif - if (n_parts_total < n_parts_found) + if (n_parts_total < ++n_parts_found) n_parts_total = n_parts_found; + parts.push_back(p); } PartBatch :: Part& @@ -346,7 +335,7 @@ { number = that.number; bytes = that.bytes; - len_used = len_alloced = that.len_used; + len_used = that.len_used; delete [] packed_mid; packed_mid = new char [len_used]; memcpy (packed_mid, that.packed_mid, len_used); @@ -357,11 +346,17 @@ number (that.number), bytes (that.bytes), len_used (that.len_used), - len_alloced (that.len_used), packed_mid (new char [len_used]) { memcpy (packed_mid, that.packed_mid, len_used); } +PartBatch :: Part :: Part (number_t n, bytes_t b, size_t l): + number(n), + bytes(b), + len_used(l), + packed_mid(new char [len_used]) +{ +} void PartBatch :: sort (void) diff -ur --exclude 'config*' --exclude '*desktop' --exclude '*list' pan-0.132.inc/pan/data/parts.h pan-0.132/pan/data/parts.h --- pan-0.132.inc/pan/data/parts.h 2007-08-01 13:00:01.000000000 -0400 +++ pan-0.132/pan/data/parts.h 2008-05-27 22:27:03.000000000 -0400 @@ -141,10 +141,10 @@ number_t number; bytes_t bytes; size_t len_used; - size_t len_alloced; char * packed_mid; Part(): number(0), bytes(0), - len_used(0), len_alloced(0), packed_mid(0) {} + len_used(0), packed_mid(0) {} + Part(number_t n, bytes_t b, size_t l); ~Part() { delete [] packed_mid; } Part (const Part&); Part& operator= (const Part&); ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org