From 7d5bf13cff5459f9b6f0dd70f075885fb9870556 Mon Sep 17 00:00:00 2001
From: Steffen Joeris
Date: Wed, 8 Dec 2010 18:38:15 +1100
Subject: [PATCH] patches: Added CVE-2010-4336.dpatch: Fix DoS in RRD file creation.
---
 debian/changelog | 9 +++++++++
 debian/patches/00list | 2 +-
 debian/patches/CVE-2010-4336.dpatch | 18 ++++++++++++++++++
 3 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 debian/patches/CVE-2010-4336.dpatch

diff --git a/debian/changelog b/debian/changelog
index b2ec1c2..aa2feb4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+collectd (4.10.1-2.1) unstable; urgency=high
+
+  * Non-maintainer upload by the security team
+  * Fix DoS in RRD file creation (Closes: #605092)
+    Fixes: CVE-2010-4336
+    Thanks to Florian Forster
+
+ -- Steffen Joeris  Wed, 08 Dec 2010 17:45:50 +1100
+
 collectd (4.10.1-2) unstable; urgency=medium
 
   * debian/rules:
diff --git a/debian/patches/00list b/debian/patches/00list
index e7a35f8..87049dd 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -4,4 +4,4 @@ bts559801_plugin_find_fix.dpatch
 bts595756-notify_email-segfault.dpatch
 bts592623-curl_json-file.dpatch
 bts596128-reheap-fix.dpatch
-
+CVE-2010-4336.dpatch
diff --git a/debian/patches/CVE-2010-4336.dpatch b/debian/patches/CVE-2010-4336.dpatch
new file mode 100644
index 0000000..a40bdfd
--- /dev/null
+++ b/debian/patches/CVE-2010-4336.dpatch
@@ -0,0 +1,18 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+##
+
+@DPATCH@
+--- ../old/collectd-4.10.1/src/utils_rrdcreate.c 2010-07-09 20:01:59.000000000 +1000
++++ collectd-4.10.1/src/utils_rrdcreate.c 2010-12-08 17:41:34.000000000 +1100
+@@ -398,10 +398,9 @@
+   memcpy (argv + ds_num, rra_def, rra_num * sizeof (char *));
+   argv[ds_num + rra_num] = NULL;
+ 
+-  assert (vl->time > 10);
+   status = srrd_create (filename,
+       (cfg->stepsize > 0) ? cfg->stepsize : vl->interval,
+-      vl->time - 10,
++      (vl->time > 10) ? (vl->time - 10) : vl->time,
+       argc, (const char **) argv);
+ 
+   free (argv);
-- 
2.30.2
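Review bot: The replacement expression in the dpatch, `(vl->time > 10) ? (vl->time - 10) : vl->time`, stops the abort but still hands a start time in the range 0–10 to srrd_create when vl->time is that small, so a value list with an unset or implausible timestamp now silently creates an RRD file starting near the epoch instead of being rejected. If such timestamps can reach this code (the removed assert suggests the author expected callers to rule them out), the more defensive fix is to validate vl->time and return the function's error code before argv is allocated, which happens outside the hunk, so that an early return does not leak argv; the enclosing function in utils_rrdcreate.c starts and ends outside the hunk. The dpatch header also lacks its `## DP:` description lines; a one-liner such as `## DP: Fix DoS in RRD file creation (CVE-2010-4336): replace assert() on vl->time with a conditional` would document the patch in the standard place.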