Non-maintainer upload by the ELTS team.
* Non-maintainer upload by the ELTS team.
* CVE-2019-19906: Fix off-by-one issue in _sasl_add_string function.
Mike Gabriel authored 4 years ago
Roberto C. Sánchez committed 4 years ago
|
0 |
cyrus-sasl2 (2.1.25.dfsg1-6+deb7u2) wheezy-security; urgency=medium
|
|
1 |
|
|
2 |
* Non-maintainer upload by the ELTS team.
|
|
3 |
* CVE-2019-19906: Fix off-by-one issue in _sasl_add_string function.
|
|
4 |
|
|
5 |
-- Mike Gabriel <sunweaver@debian.org> Fri, 20 Dec 2019 13:00:37 +0100
|
|
6 |
|
0 | 7 |
cyrus-sasl2 (2.1.25.dfsg1-6+deb7u1) stable; urgency=low
|
1 | 8 |
|
2 | 9 |
* Fix heavy CPU usage in saslauthd (Closes: #708552)
|
|
0 |
Origin: https://github.com/cyrusimap/cyrus-sasl/issues/587
|
|
1 |
|
|
2 |
--- a/lib/common.c
|
|
3 |
+++ b/lib/common.c
|
|
4 |
@@ -192,7 +192,7 @@
|
|
5 |
|
|
6 |
if (add==NULL) add = "(null)";
|
|
7 |
|
|
8 |
- addlen=strlen(add); /* only compute once */
|
|
9 |
+ addlen=strlen(add)+1; /* only compute once */
|
|
10 |
if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK)
|
|
11 |
return SASL_NOMEM;
|
|
12 |
|
23 | 23 |
0037-abort_if_no_fqdn_fix.patch
|
24 | 24 |
0038-send_imap_logout.patch
|
25 | 25 |
0039-fix-canonuser-ldapdb-garbage-in-out-buffer.patch
|
|
26 |
CVE-2019-19906.patch
|