[pacman-dev] [PATCH] Fix CVE-2016-5434 (DoS/loop and out of boundary read)

Florian Pritz bluewind at xinu.at
Sun Sep 17 09:46:46 UTC 2017


On 16.09.2017 22:21, Nils Freydank wrote:
> [...]
>
> (Feedback is very appreciated / this is an updated patch.)

This line shouldn't be part of the commit. You can add it after the
"---" marker (see below) when you use `git send-email --annotate` or if
you save the patch with `git format-patch` and then edit the file before
sending with send-email.

You can also include a list of changes from the previous version there.


> 
> [1] Original patch:
> https://lists.archlinux.org/pipermail/pacman-dev/2016-June/021148.html
> CVE request (and assignment):
> http://seclists.org/oss-sec/2016/q2/526
> ---

This marker here ^

>  lib/libalpm/signing.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++---
>  1 file changed, 57 insertions(+), 3 deletions(-)
> 
> diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
> index 95cb3280..33438140 100644
> --- a/lib/libalpm/signing.c
> +++ b/lib/libalpm/signing.c
> @@ -986,6 +986,19 @@ int SYMEXPORT alpm_siglist_cleanup(alpm_siglist_t *siglist)
>  	return 0;


