From e36344728dba458977ee0bc22844c943425d5de2 Mon Sep 17 00:00:00 2001 From: Gustavo Zacarias Date: Wed, 9 Apr 2014 15:11:46 -0300 Subject: libyaml: security bump to version 0.1.6 Fixes CVE-2014-2525. Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard --- package/libyaml/libyaml-0003-string-overflow.patch | 28 ---------------------- 1 file changed, 28 deletions(-) delete mode 100644 package/libyaml/libyaml-0003-string-overflow.patch (limited to 'package/libyaml/libyaml-0003-string-overflow.patch') diff --git a/package/libyaml/libyaml-0003-string-overflow.patch b/package/libyaml/libyaml-0003-string-overflow.patch deleted file mode 100644 index e740e654cc..0000000000 --- a/package/libyaml/libyaml-0003-string-overflow.patch +++ /dev/null @@ -1,28 +0,0 @@ -Description: CVE-2013-6393: yaml_parser_scan_tag_uri: fix int overflow leading to buffer overflow - This is a proposed patch from Florian Weimer for - the string overflow issue. It has been ack'd by upstream. -Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1033990 -Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1033990 -Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737076 -Last-Update: 2014-01-29 ---- -# HG changeset patch -# User Florian Weimer -# Date 1389273500 -3600 -# Thu Jan 09 14:18:20 2014 +0100 -# Node ID a54d7af707f25dc298a7be60fd152001d2b3035b -# Parent 3e6507fa0c26d20c09f8f468f2bd04aa2fd1b5b5 -yaml_parser_scan_tag_uri: fix int overflow leading to buffer overflow - -diff --git a/src/scanner.c b/src/scanner.c ---- a/src/scanner.c -+++ b/src/scanner.c -@@ -2574,7 +2574,7 @@ - - /* Resize the string to include the head. */ - -- while (string.end - string.start <= (int)length) { -+ while ((size_t)(string.end - string.start) <= length) { - if (!yaml_string_extend(&string.start, &string.pointer, &string.end)) { - parser->error = YAML_MEMORY_ERROR; - goto error; -- cgit v1.2.3