Codebase list cyrus-sasl2 / 97af2bb
Non-maintainer upload by the ELTS team. * Non-maintainer upload by the ELTS team. * CVE-2019-19906: Fix off-by-one issue in _sasl_add_string function. Mike Gabriel authored 4 years ago Roberto C. Sánchez committed 4 years ago
3 changed file(s) with 21 addition(s) and 0 deletion(s). Raw diff Collapse all Expand all
+7
-0
debian/changelog less more
0 cyrus-sasl2 (2.1.25.dfsg1-6+deb7u2) wheezy-security; urgency=medium
1
2 * Non-maintainer upload by the ELTS team.
3 * CVE-2019-19906: Fix off-by-one issue in _sasl_add_string function.
4
5 -- Mike Gabriel <sunweaver@debian.org> Fri, 20 Dec 2019 13:00:37 +0100
6
07 cyrus-sasl2 (2.1.25.dfsg1-6+deb7u1) stable; urgency=low
18
29 * Fix heavy CPU usage in saslauthd (Closes: #708552)
+13
-0
debian/patches/CVE-2019-19906.patch less more
0 Origin: https://github.com/cyrusimap/cyrus-sasl/issues/587
1
2 --- a/lib/common.c
3 +++ b/lib/common.c
4 @@ -192,7 +192,7 @@
5
6 if (add==NULL) add = "(null)";
7
8 - addlen=strlen(add); /* only compute once */
9 + addlen=strlen(add)+1; /* only compute once */
10 if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK)
11 return SASL_NOMEM;
12
+1
-0
debian/patches/series less more
2323 0037-abort_if_no_fqdn_fix.patch
2424 0038-send_imap_logout.patch
2525 0039-fix-canonuser-ldapdb-garbage-in-out-buffer.patch
26 CVE-2019-19906.patch