Codebase list cyrus-sasl2 / debian/2.1.27_101-g0780600+dfsg-3+deb9u1
Non-maintainer upload by the Security Team.

* Non-maintainer upload by the Security Team.
* Off-by-one in _sasl_add_string function (CVE-2019-19906) (Closes: #947043)

Salvatore Bonaccorso authored 4 years ago
Roberto C. Sánchez committed 4 years ago
3 changed file(s) with 28 addition(s) and 0 deletion(s).
0 cyrus-sasl2 (2.1.27~101-g0780600+dfsg-3+deb9u1) stretch-security; urgency=high
1
2 * Non-maintainer upload by the Security Team.
3 * Off-by-one in _sasl_add_string function (CVE-2019-19906) (Closes: #947043)
4
5 -- Salvatore Bonaccorso <carnil@debian.org> Thu, 19 Dec 2019 23:13:43 +0100
6
07 cyrus-sasl2 (2.1.27~101-g0780600+dfsg-3) unstable; urgency=medium
18
29 [ Holger Levsen ]
0 Description: CVE-2019-19906: Off-by-one in _sasl_add_string function
1 Origin: vendor
2 Bug: https://github.com/cyrusimap/cyrus-sasl/issues/587
3 Bug-Debian: https://bugs.debian.org/947043
4 Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-19906
5 Author: Stephan Zeisberg <stephan@srlabs.de>
6 Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
7 Last-Update: 2019-12-19
8
9 --- a/lib/common.c
10 +++ b/lib/common.c
11 @@ -190,7 +190,7 @@ int _sasl_add_string(char **out, size_t
12
13 if (add==NULL) add = "(null)";
14
15 - addlen=strlen(add); /* only compute once */
16 + addlen=strlen(add)+1; /* only compute once */
17 if (_buf_alloc(out, alloclen, (*outlen)+addlen)!=SASL_OK)
18 return SASL_NOMEM;
19
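Review bot: In the _sasl_add_string hunk of lib/common.c, the +1 is folded into addlen itself rather than into the size passed to _buf_alloc, so every later use of addlen in the function (not visible in this hunk) now counts the NUL terminator as well. If addlen is used further down to advance *outlen or as a copy length, the stored length would include the terminator and a subsequent append would start past it. Consider keeping "addlen=strlen(add);" and requesting the extra byte only at the allocation, "_buf_alloc(out, alloclen, (*outlen)+addlen+1)". In either form, the "/* only compute once */" comment should say that the extra byte is for the terminator, since that is the whole point of the fix.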
2929 0030-Change-linking-from-sasldb-.libs-libsasldb.al-to-sas.patch
3030 0031-Cleanup-for-modern-autotools.patch
3131 0032-Add-with_pgsql-include-postgresql-to-include-path.patch
32 0033-CVE-2019-19906.patch