| Patrick Williams | c124f4f | 2015-09-15 14:41:29 -0500 | [diff] [blame^] | 1 | readline: Security Advisory - readline - CVE-2014-2524 |
| 2 | |
| 3 | Upstream-Status: Backport |
| 4 | |
| 5 | Signed-off-by: Yue Tao <yue.tao@windriver.com> |
| 6 | |
| 7 | READLINE PATCH REPORT |
| 8 | ===================== |
| 9 | |
| 10 | Readline-Release: 6.3 |
| 11 | Patch-ID: readline63-003 |
| 12 | |
| 13 | Bug-Reported-by: |
| 14 | Bug-Reference-ID: |
| 15 | Bug-Reference-URL: |
| 16 | |
| 17 | Bug-Description: |
| 18 | |
| 19 | There are debugging functions in the readline release that are theoretically |
| 20 | exploitable as security problems. They are not public functions, but have |
| 21 | global linkage. |
| 22 | |
| 23 | Patch (apply with `patch -p0'): |
| 24 | |
| 25 | *** ../readline-6.3/util.c 2013-09-02 13:36:12.000000000 -0400 |
| 26 | --- util.c 2014-03-20 10:25:53.000000000 -0400 |
| 27 | *************** |
| 28 | *** 477,480 **** |
| 29 | --- 479,483 ---- |
| 30 | } |
| 31 | |
| 32 | + #if defined (DEBUG) |
| 33 | #if defined (USE_VARARGS) |
| 34 | static FILE *_rl_tracefp; |
| 35 | *************** |
| 36 | *** 539,542 **** |
| 37 | --- 542,546 ---- |
| 38 | } |
| 39 | #endif |
| 40 | + #endif /* DEBUG */ |
| 41 | |
| 42 | |
| 43 | |