CVSROOT:        /cvs
Module name:    ports
Changes by:     juan...@cvs.openbsd.org 2018/06/09 10:48:26

Modified files:
        devel/mercurial: Tag: OPENBSD_6_3 Makefile
Added files:
        devel/mercurial/patches: Tag: OPENBSD_6_3 patch-mercurial_mpatch_c

Log message:
SECURITY. From upstream:

"Multiple issues found in mpatch.c with a fuzzer:

- OVE-20180430-0001
- OVE-20180430-0002
- OVE-20180430-0004

With the following fixes:

- mpatch: be more careful about parsing binary patch data (SEC)
- mpatch: protect against underflow in mpatch_apply (SEC)
- mpatch: ensure fragment start isn't past the end of orig (SEC)
- mpatch: fix UB in int overflows in gather() (SEC)
- mpatch: fix UB integer overflows in discard() (SEC)
- mpatch: avoid integer overflow in mpatch_decode (SEC)
- mpatch: avoid integer overflow in combine() (SEC)

No exploits are known at the time."