[src/netbsd-3-0]: src/doc Ticket #1941.

[ghen <ghen%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/0884997d0551
branches:  netbsd-3-0
changeset: 579486:0884997d0551
user:      ghen <ghen%NetBSD.org@localhost>
date:      Mon Jun 23 10:44:44 2008 +0000

description:
Ticket #1941.

diffstat:

 doc/CHANGES-3.0.4 |  16 +++++++++++++++-
 1 files changed, 15 insertions(+), 1 deletions(-)

diffs (27 lines):

diff -r 712471018236 -r 0884997d0551 doc/CHANGES-3.0.4
--- a/doc/CHANGES-3.0.4 Mon Jun 23 10:39:33 2008 +0000
+++ b/doc/CHANGES-3.0.4 Mon Jun 23 10:44:44 2008 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: CHANGES-3.0.4,v 1.1.2.25 2008/05/13 06:27:43 jdc Exp $
+#      $NetBSD: CHANGES-3.0.4,v 1.1.2.26 2008/06/23 10:44:44 ghen Exp $
 
 A complete list of changes from the NetBSD 3.0.3 release to the NetBSD 3.0.4
 release:
@@ -300,3 +300,17 @@
        side-channel attack and retrieve RSA private keys.
        [adrianp, ticket #1931]
 
+gnu/dist/binutils/bfd/tekhex.c                 1.2 via patch
+
+       Fix for PR #33551 (a.k.a CVE-2006-2362)
+
+       Back port from the binutils CVS tree
+
+       Buffer overflow in getsym in tekhex.c in libbfd in Free Software
+       Foundation GNU Binutils before 20060423, as used by GNU strings, allows
+       context-dependent attackers to cause a denial of service (application
+       crash) and possibly execute arbitrary code via a file with a crafted
+       Tektronix Hex Format (TekHex) record in which the length character is
+       not a valid hexadecimal character.
+       [adrianp, ticket #1941]
+