Merge lp://staging/~tdaitx/whoopsie/security-fixes into lp://staging/whoopsie
Proposed by
Tiago Stürmer Daitx
| Status: | Merged |
|---|---|
| Merged at revision: | 709 |
| Proposed branch: | lp://staging/~tdaitx/whoopsie/security-fixes |
| Merge into: | lp://staging/whoopsie |
| Diff against target: |
367 lines (+67/-49) 6 files modified
debian/changelog (+18/-0) lib/bson/bson.c (+29/-29) lib/bson/bson.h (+6/-6) lib/bson/encoding.c (+6/-6) lib/bson/encoding.h (+2/-2) src/whoopsie.c (+6/-6) |
| To merge this branch: | bzr merge lp://staging/~tdaitx/whoopsie/security-fixes |
| Related bugs: |
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Daisy Pluckers | Pending | ||
|
Review via email:
|
|||
Description of the change
Correspond to the 0.2.67 and 0.2.68 uploads.
* SECURITY UPDATE: Integer overflow when handling large bson
objects (LP: #1830865)
- lib/bson/bson.c, lib/bson/bson.h, src/whoopsie.c: use size_t
for size instead of int to prevent integer overflows.
- lib/bson/bson.c: ensure bson objects are not bigger than INT_MAX.
- CVE-2019-11484
* src/whoopsie.c: prevent freeing a NULL server response string.
* lib/bson/bson.c: properly initialize bson_size variable.
To post a comment you must log in.
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
