Commit 03679a43 authored by Bas Zoetekouw's avatar Bas Zoetekouw

Fix for CVE-2018-10689 backport to jessie

parent 36d21514
blktrace (1.0.5-1+deb8u1) jessie; urgency=high
* Fix buffer overflow in btt (CVE-2018-10689) (Closes: #897695)
-- Bas Zoetekouw <bas@debian.org> Fri, 18 May 2018 15:47:57 +0200
blktrace (1.0.5-1) unstable; urgency=low
* New upstream release [February 2012].
......
Last-Update: 2018-05-16
Forwarded: yes
Author: Jens Axboe <axboe@kernel.dk>
Description: fix CVE-2018-10689: make device/devno use PATH_MAX to avoid overflow. Patch from https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7
Index: blktrace-1.0.5/btt/devmap.c
===================================================================
--- blktrace-1.0.5.orig/btt/devmap.c
+++ blktrace-1.0.5/btt/devmap.c
@@ -23,7 +23,7 @@
struct devmap {
struct list_head head;
- char device[32], devno[32];
+ char device[PATH_MAX], devno[PATH_MAX];
};
LIST_HEAD(all_devmaps);
10_btrace_paths.patch
spelling.patch
cve-2018-10689.patch
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment