fedora-cvs-commits@redhat.com

rpms/mono/FC-6 mono-big-integer-CVE-2007-5197.patch, NONE, 1.1 mono.spec

Subject: rpms/mono/FC-6 mono-big-integer-CVE-2007-5197.patch, NONE, 1.1 mono.spec, 1.48, 1.49
From:
Date: Wed, 7 Nov 2007 09:59:08 -0500
Author: alexl

Update of /cvs/dist/rpms/mono/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv27897

Modified Files:
        mono.spec 
Added Files:
        mono-big-integer-CVE-2007-5197.patch 
Log Message:
* Wed Nov  7 2007 Alexander Larsson <alexl@xxxxxxxxxx> - 1.1.17.1-5
- Fix overflow in Mono.Math.BigInteger class (#367471)
  CVE-2007-5197


mono-big-integer-CVE-2007-5197.patch:
 Mono.Security/Mono.Math/BigInteger.cs |    2 +-
 corlib/Mono.Math/BigInteger.cs        |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

--- NEW FILE mono-big-integer-CVE-2007-5197.patch ---
--- mcs/class/corlib/Mono.Math/BigInteger.cs    2007-09-19 19:06:06.000000000 
+0200
+++ mcs/class/corlib/Mono.Math/BigInteger.cs    2007-10-25 23:46:55.000000000 
+0200
@@ -1607,7 +1607,7 @@
                                                uint j = 1;
 
                                                // Multiply and add
-                                               for (; j < m.length; j++) {
+                                               for (; j < m.length && j < 
A.length; j++) {
                                                        c += (ulong)u_i * 
(ulong)*(mP++) + *(aSP++);
                                                        *(aDP++) = (uint)c;
                                                        c >>= 32;
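Review bot: the added `j < A.length` condition in the `for` header clamps the loop silently instead of rejecting the size mismatch. When `A.length` is smaller than `m.length` the loop now exits early, with `c` possibly still holding a carry and `mP`, `aSP` and `aDP` stopped part-way through the operands, so the code that follows the loop needs checking for that exit path. If a shorter `A` is not a valid input here, an explicit length check before the loop that throws would be easier to reason about than a truncated multiply-and-add; if it is valid, a comment next to `// Multiply and add` should say why. The diffstat shows only 2 insertions and 2 deletions, so no regression test comes with the fix.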
--- mcs/class/Mono.Security/Mono.Math/BigInteger.cs     2007-07-24 
23:48:50.000000000 +0200
+++ mcs/class/Mono.Security/Mono.Math/BigInteger.cs     2007-10-25 
23:45:01.000000000 +0200
@@ -1601,7 +1601,7 @@
                                                uint j = 1;
 
                                                // Multiply and add
-                                               for (; j < m.length; j++) {
+                                               for (; j < m.length && j < 
A.length; j++) {
                                                        c += (ulong)u_i * 
(ulong)*(mP++) + *(aSP++);
                                                        *(aDP++) = (uint)c;
                                                        c >>= 32;
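Review bot: this `for` line gets the same one-line bound as the corlib copy, but at a different offset (1601 here, 1607 there), so the two BigInteger.cs files are not identical above this point. Since the fix has to be carried in both, a short comment on the `for` line giving the reason for the `A.length` bound would help keep a later resync of either copy from dropping it.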


Index: mono.spec
===================================================================
RCS file: /cvs/dist/rpms/mono/FC-6/mono.spec,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -r1.48 -r1.49
--- mono.spec   11 Jan 2007 13:30:26 -0000      1.48
+++ mono.spec   7 Nov 2007 14:59:06 -0000       1.49
@@ -1,6 +1,6 @@
 Name:           mono
 Version:        1.1.17.1
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        a .NET runtime environment
 
 Group:          Development/Languages
@@ -35,6 +35,8 @@
 Patch6: mono-system.web_fix_r68790.patch
 Patch7: mono-system.web_security_fix2_r69049.patch
 
+Patch8: mono-big-integer-CVE-2007-5197.patch
+
 %description
 The Mono runtime implements a JIT engine for the ECMA CLI
 virtual machine (as well as a byte code interpreter, the
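Review bot: `Patch8` has no pointer to the upstream change it was taken from. Patch6 and Patch7 carry what look like upstream revision numbers in their file names (`r68790`, `r69049`); a one-line comment above `Patch8:` with the upstream revision or the bug number (#367471 in the changelog entry) would make it easier to decide when the patch can be dropped on a rebase.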
@@ -258,6 +260,7 @@
 %patch5 -p1 -b .CVE-2006-5072
 %patch6 -p0 -b .CVE-2006-6104-0
 %patch7 -p0 -b .CVE-2006-6104
+%patch8 -p0 -b .big-integer
 
 %build
 %ifarch ia64 s390
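Review bot: the backup suffix on `%patch8` is `.big-integer`, while the three lines above it use the CVE id (`.CVE-2006-5072`, `.CVE-2006-6104-0`, `.CVE-2006-6104`). Using `-b .CVE-2007-5197` would keep the suffixes consistent and make the backup files traceable to the advisory. The `-p0` level is consistent with the patch headers, which start at `mcs/class/`.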
@@ -541,6 +544,10 @@
 %gac_dll IBM.Data.DB2
 
 %changelog
+* Wed Nov  7 2007 Alexander Larsson <alexl@xxxxxxxxxx> - 1.1.17.1-5
+- Fix overflow in Mono.Math.BigInteger class (#367471)
+  CVE-2007-5197
+
 * Thu Jan 11 2007 Alexander Larsson <alexl@xxxxxxxxxx> - 1.1.17.1-4
 - Add patches to fix CVE-2006-6104
 

-- 
fedora-cvs-commits mailing list
fedora-cvs-commits@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-cvs-commits
