Wed, 06 Jun 2018 13:28:48 -0400 Added tag 4.6.1 for changeset 9c5ced5276d6 stable
Augie Fackler <raf@durin42.com> [Wed, 06 Jun 2018 13:28:48 -0400] rev 38196
Added tag 4.6.1 for changeset 9c5ced5276d6
Mon, 30 Apr 2018 22:24:58 -0400 mpatch: avoid integer overflow in combine() (SEC) stable 4.6.1
Augie Fackler <augie@google.com> [Mon, 30 Apr 2018 22:24:58 -0400] rev 38195
mpatch: avoid integer overflow in combine() (SEC) All the callers of this function can handle a NULL return, so that appears to be the "safe" way to report an error.
Mon, 30 Apr 2018 22:23:06 -0400 mpatch: avoid integer overflow in mpatch_decode (SEC) stable
Augie Fackler <augie@google.com> [Mon, 30 Apr 2018 22:23:06 -0400] rev 38194
mpatch: avoid integer overflow in mpatch_decode (SEC)
Mon, 30 Apr 2018 22:20:13 -0400 mpatch: fix UB integer overflows in discard() (SEC) stable
Augie Fackler <augie@google.com> [Mon, 30 Apr 2018 22:20:13 -0400] rev 38193
mpatch: fix UB integer overflows in discard() (SEC)
Mon, 30 Apr 2018 22:15:11 -0400 mpatch: fix UB in int overflows in gather() (SEC) stable
Augie Fackler <augie@google.com> [Mon, 30 Apr 2018 22:15:11 -0400] rev 38192
mpatch: fix UB in int overflows in gather() (SEC)
Thu, 03 May 2018 12:54:20 -0400 mpatch: introduce a safesub() helper as well stable
Augie Fackler <augie@google.com> [Thu, 03 May 2018 12:54:20 -0400] rev 38191
mpatch: introduce a safesub() helper as well Same reason as safeadd().
Mon, 30 Apr 2018 22:13:42 -0400 mpatch: introduce a safeadd() helper to work around UB int overflow stable
Augie Fackler <augie@google.com> [Mon, 30 Apr 2018 22:13:42 -0400] rev 38190
mpatch: introduce a safeadd() helper to work around UB int overflow We're about to make extensive use of this. This change duplicates some stdbool.h portability hacks from cext/util.h. We should probably clean that up in the future, but we'll skip that for now in order to make security backports easier.
Sat, 28 Apr 2018 10:09:12 -0400 mpatch: ensure fragment start isn't past the end of orig (SEC) stable
Augie Fackler <augie@google.com> [Sat, 28 Apr 2018 10:09:12 -0400] rev 38189
mpatch: ensure fragment start isn't past the end of orig (SEC) Caught by oss-fuzz fuzzer during development. This defect is OVE-20180430-0004. A CVE has not been obtained as of this writing.
Sat, 28 Apr 2018 02:04:56 -0400 mpatch: protect against underflow in mpatch_apply (SEC) stable
Augie Fackler <augie@google.com> [Sat, 28 Apr 2018 02:04:56 -0400] rev 38188
mpatch: protect against underflow in mpatch_apply (SEC) Also caught by oss-fuzz fuzzer during development. This defect is OVE-20180430-0002. A CVE has not been obtained as of this writing.
Sat, 28 Apr 2018 00:42:16 -0400 mpatch: be more careful about parsing binary patch data (SEC) stable
Augie Fackler <augie@google.com> [Sat, 28 Apr 2018 00:42:16 -0400] rev 38187
mpatch: be more careful about parsing binary patch data (SEC) It appears to have been possible to trivially walk off the end of an allocated region with a malformed patch. Oops. Caught when writing an mpatch fuzzer for oss-fuzz. This defect is OVE-20180430-0001. A CVE has not been obtained as of this writing.
(0) -30000 -10000 -3000 -1000 -300 -100 -10 +10 +100 +300 +1000 +3000 +10000 tip