Commit | Line | Data |
---|---|---|
d9721bcf LF |
1 | Fix CVE-2014-2524: |
2 | ||
3 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2524 | |
4 | http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00057.html | |
5 | ||
6 | Patch copied from: | |
7 | https://ftp.gnu.org/gnu/readline/readline-6.3-patches/readline63-003 | |
8 | ||
9 | READLINE PATCH REPORT | |
10 | ===================== | |
11 | ||
12 | Readline-Release: 6.3 | |
13 | Patch-ID: readline63-003 | |
14 | ||
15 | Bug-Reported-by: | |
16 | Bug-Reference-ID: | |
17 | Bug-Reference-URL: | |
18 | ||
19 | Bug-Description: | |
20 | ||
21 | There are debugging functions in the readline release that are theoretically | |
22 | exploitable as security problems. They are not public functions, but have | |
23 | global linkage. | |
24 | ||
25 | Patch (apply with `patch -p0'): | |
26 | ||
27 | *** ../readline-6.3/util.c 2013-09-02 13:36:12.000000000 -0400 | |
28 | --- util.c 2014-03-20 10:25:53.000000000 -0400 | |
29 | *************** | |
30 | *** 477,480 **** | |
31 | --- 479,483 ---- | |
32 | } | |
33 | ||
34 | + #if defined (DEBUG) | |
35 | #if defined (USE_VARARGS) | |
36 | static FILE *_rl_tracefp; | |
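Review bot: the `#if defined (DEBUG)` added ahead of `#if defined (USE_VARARGS)` only removes the trace code when DEBUG is undefined, so any build made with DEBUG defined still carries these functions with the global linkage the description calls out. The patch also changes only util.c; if any of the guarded functions is called from another file, that call site needs the same guard or a non-DEBUG build will fail to link. Suggest a comment above the guard naming the functions it covers and stating that DEBUG must not be defined for release builds.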
37 | *************** | |
38 | *** 539,542 **** | |
39 | --- 542,546 ---- | |
40 | } | |
41 | #endif | |
42 | + #endif /* DEBUG */ |
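Review bot: the unchanged `#endif` directly above the added `#endif /* DEBUG */` carries no comment, so the two consecutive closers can only be told apart by the new tag. Annotate the inner one with the condition it closes (going by the first hunk, likely `USE_VARARGS`). Since the lines between the two hunks are not shown, also confirm that no other conditional opens or closes in that range, so that the new `#endif` really pairs with the `#if defined (DEBUG)` added in the first hunk.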