hi, a long time ago the upstream developer informed me that the fix for curl's CVE-2005-4077 now in sarge with 7.13.2-2sarge4 is not enough.

i finally came up with a fixed curl 7.13.2-2sarge5 package. it is available at http://people.debian.org/~cavok/curl/.

debdiff output:

diff -u curl-7.13.2/lib/url.c curl-7.13.2/lib/url.c --- curl-7.13.2/lib/url.c +++ curl-7.13.2/lib/url.c @@ -2324,12 +2324,12 @@ * 2 - an extra slash (in case a syntax like "www.host.com?moo" is used) */ - conn->pathbuffer=(char *)malloc(urllen+2); + conn->pathbuffer=(char *)malloc(urllen+3); if(NULL == conn->pathbuffer) return CURLE_OUT_OF_MEMORY; /* really bad error */ conn->path = conn->pathbuffer; - conn->host.rawalloc=(char *)malloc(urllen+2); + conn->host.rawalloc=(char *)malloc(urllen+3); if(NULL == conn->host.rawalloc) return CURLE_OUT_OF_MEMORY; conn->host.name = conn->host.rawalloc; diff -u curl-7.13.2/debian/changelog curl-7.13.2/debian/changelog --- curl-7.13.2/debian/changelog +++ curl-7.13.2/debian/changelog @@ -1,3 +1,10 @@ +curl (7.13.2-2sarge5) stable-security; urgency=high + + * Fixed previously applied patch to fix off-by-one error [lib/url.c, + CVE-2005-4077] + + -- Domenico Andreoli <[EMAIL PROTECTED]> Wed, 1 Mar 2006 17:15:51 +0100 + curl (7.13.2-2sarge4) stable-security; urgency=high * Non-maintainer upload by the Security Team

let me know if the upload is desired.

cheers
domenico

On Tue, Dec 13, 2005 at 12:02:23PM +0100, Daniel Stenberg wrote:
> Hi
>
> The fix to 7.13.2 may not have been enough:
>
> http://curl.haxx.se/mail/lib-2005-12/0119.html
>
> 7.9.5 was not vulnerable to CVE-2005-4077

-----[ Domenico Andreoli, aka cavok
--[ http://people.debian.org/~cavok/gpgkey.asc
---[ 3A0F 2F80 F79C 678A 8936 4FEE 0677 9033 A20E BC50
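Review bot: in the lib/url.c hunk the comment above the two allocations still enumerates only the extra bytes that justified `urllen+2` (the visible item is `* 2 - an extra slash (in case a syntax like "www.host.com?moo" is used) */`), so after the change to `malloc(urllen+3)` the comment no longer matches the size it documents and a later reader could "correct" the bound back to the vulnerable value. Add a third numbered item to that comment naming the byte that was missing (the changelog calls it an off-by-one; if it is the terminating NUL, say so), and consider a regression test for the input shape described in the upstream report so the bound cannot silently regress again.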
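Review bot: the changelog hunk says only that the previously applied patch was "fixed", not what was wrong with it or where; since this is a second security upload for the same CVE, state that the pathbuffer and host.rawalloc allocations in lib/url.c were one byte short and cite the upstream discussion (http://curl.haxx.se/mail/lib-2005-12/0119.html, quoted later in this mail) so the security team and users can verify the fix independently.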