pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [pkgsrc-2015Q4] pkgsrc/chat/libotr



Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Tue Mar 22 19:04:34 UTC 2016

Modified Files:
        pkgsrc/chat/libotr [pkgsrc-2015Q4]: Makefile distinfo

Log Message:
Pullup ticket #4954 - requested by gdt
chat/libotr: security fix

Revisions pulled up:
- chat/libotr/Makefile                                          1.18
- chat/libotr/distinfo                                          1.12

---
   Module Name: pkgsrc
   Committed By:        gdt
   Date:                Wed Mar  9 18:04:17 UTC 2016

   Modified Files:
        pkgsrc/chat/libotr: Makefile distinfo

   Log Message:
   Update to 4.1.1.

   This is a security release addressing CVE-2016-2851.

   - Fix an integer overflow bug that can cause a heap buffer overflow (and
     from there remote code execution) on 64-bit platforms
   - Fix possible free() of an uninitialized pointer
   - Be stricter about parsing v3 fragments
   - Add a testsuite ("make check" to run it), but only on Linux for now,
     since it uses Linux-specific features such as epoll
   - Fix a memory leak when reading a malformed instance tag file
   - Protocol documentation clarifications


To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.17.10.1 pkgsrc/chat/libotr/Makefile
cvs rdiff -u -r1.11 -r1.11.2.1 pkgsrc/chat/libotr/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.




Home | Main Index | Thread Index | Old Index