diff -u mono-1.1.13.6/debian/changelog mono-1.1.13.6/debian/changelog
--- mono-1.1.13.6/debian/changelog
+++ mono-1.1.13.6/debian/changelog
@@ -1,3 +1,18 @@
+mono (1.1.13.6-0ubuntu3.3) dapper-security; urgency=low
+
+ * SECURITY UPDATE: (LP: #162826)
+ + CVE-2007-5197:
+ Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and
+ earlier allows context-dependent attackers to execute arbitrary code via
+ unspecified vectors related to Reduce in Montgomery-based Pow methods.
+ * debian/patches/CVE-2007-5197.dpatch:
+ Applied security fix from debian
+ Took it from the etch upload (see DSA http://www.debian.org/security/2007/dsa-1397 )
+ * References:
+ CVE-2007-5197
+
+ -- Stephan Hermann Wed, 21 Nov 2007 14:34:03 +0100
+
 mono (1.1.13.6-0ubuntu3.2) dapper-security; urgency=low
 
 * SECURITY UPDATE: public source code exposure.
diff -u mono-1.1.13.6/debian/patches/00list mono-1.1.13.6/debian/patches/00list
--- mono-1.1.13.6/debian/patches/00list
+++ mono-1.1.13.6/debian/patches/00list
@@ -12,0 +13 @@
+CVE-2007-5197.dpatch
only in patch2:
unchanged:
--- mono-1.1.13.6.orig/debian/patches/CVE-2007-5197.dpatch
+++ mono-1.1.13.6/debian/patches/CVE-2007-5197.dpatch
@@ -0,0 +1,31 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## CVE-2007-5197.dpatch by Stephan Hermann
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad mono-1.1.13.6~/mcs/class/Mono.Security/Mono.Math/BigInteger.cs mono-1.1.13.6/mcs/class/Mono.Security/Mono.Math/BigInteger.cs
+--- mono-1.1.13.6~/mcs/class/Mono.Security/Mono.Math/BigInteger.cs 2006-03-14 00:01:09.000000000 +0100
++++ mono-1.1.13.6/mcs/class/Mono.Security/Mono.Math/BigInteger.cs 2007-11-21 14:17:34.227182389 +0100
+@@ -1574,7 +1574,7 @@
+ uint j = 1;
+
+ // Multiply and add
+- for (; j < m.length; j++) {
++ for (; j < m.length && j < A.length; j++) {
+ c += (ulong)u_i * (ulong)*(mP++) + *(aSP++);
+ *(aDP++) = (uint)c;
+ c >>= 32;
+diff -urNad mono-1.1.13.6~/mcs/class/corlib/Mono.Math/BigInteger.cs mono-1.1.13.6/mcs/class/corlib/Mono.Math/BigInteger.cs
+--- mono-1.1.13.6~/mcs/class/corlib/Mono.Math/BigInteger.cs 2006-03-14 00:00:11.000000000 +0100
++++ mono-1.1.13.6/mcs/class/corlib/Mono.Math/BigInteger.cs 2007-11-21 14:17:52.728236576 +0100
+@@ -1574,7 +1574,7 @@
+ uint j = 1;
+
+ // Multiply and add
+- for (; j < m.length; j++) {
++ for (; j < m.length && j < A.length; j++) {
+ c += (ulong)u_i * (ulong)*(mP++) + *(aSP++);
+ *(aDP++) = (uint)c;
+ c >>= 32;
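Review bot: The dpatch header still reads `## DP: No description.`, so the only record of what this security patch does is in debian/changelog; replace it with something like `## DP: CVE-2007-5197: also bound the multiply-and-add loop by A.length (BigInteger buffer overflow)`. The new condition `j < m.length && j < A.length` stops the walk through `aSP`/`aDP` at A.length, but the loop starts at `j = 1`, so the code that handles the first word, and anything after `c >>= 32;`, lies outside the embedded hunks and should be confirmed safe when A is shorter than m. The identical one-line change goes into both the Mono.Security and corlib copies of BigInteger.cs with no regression test, so a test covering an A shorter than m, plus a quick search of the tree for any further copies of this loop, would keep them from drifting apart.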