rpms/mono/F-7 mono-big-integer-CVE-2007-5197.patch, NONE, 1.1 mono.spec, 1.51, 1.52

Alexander Larsson (alexl) fedora-extras-commits at redhat.com
Wed Nov 7 14:37:45 UTC 2007 

Author: alexl

Update of /cvs/pkgs/rpms/mono/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12952

Modified Files:
	mono.spec 
Added Files:
	mono-big-integer-CVE-2007-5197.patch 
Log Message:
* Wed Nov  7 2007 Alexander Larsson <alexl at redhat.com> - 1.2.3-4
- Fix overflow in Mono.Math.BigInteger class (#367531)
  CVE-2007-5197


mono-big-integer-CVE-2007-5197.patch:

--- NEW FILE mono-big-integer-CVE-2007-5197.patch ---
--- mcs/class/corlib/Mono.Math/BigInteger.cs	2007-09-19 19:06:06.000000000 +0200
+++ mcs/class/corlib/Mono.Math/BigInteger.cs	2007-10-25 23:46:55.000000000 +0200
@@ -1607,7 +1607,7 @@
 						uint j = 1;
 
 						// Multiply and add
-						for (; j < m.length; j++) {
+						for (; j < m.length && j < A.length; j++) {
 							c += (ulong)u_i * (ulong)*(mP++) + *(aSP++);
 							*(aDP++) = (uint)c;
 							c >>= 32;
--- mcs/class/Mono.Security/Mono.Math/BigInteger.cs	2007-07-24 23:48:50.000000000 +0200
+++ mcs/class/Mono.Security/Mono.Math/BigInteger.cs	2007-10-25 23:45:01.000000000 +0200
@@ -1601,7 +1601,7 @@
 						uint j = 1;
 
 						// Multiply and add
-						for (; j < m.length; j++) {
+						for (; j < m.length && j < A.length; j++) {
 							c += (ulong)u_i * (ulong)*(mP++) + *(aSP++);
 							*(aDP++) = (uint)c;
 							c >>= 32;


Index: mono.spec
===================================================================
RCS file: /cvs/pkgs/rpms/mono/F-7/mono.spec,v
retrieving revision 1.51
retrieving revision 1.52
diff -u -r1.51 -r1.52
--- mono.spec	1 Apr 2007 15:15:08 -0000	1.51
+++ mono.spec	7 Nov 2007 14:37:10 -0000	1.52
@@ -1,6 +1,6 @@
 Name:           mono
 Version:        1.2.3
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        a .NET runtime environment
 
 Group:          Development/Languages
@@ -32,6 +32,8 @@
 Patch3: mono-libdir.patch
 Patch4: mono-1.2.3-use-monodir.patch
 
+Patch7: mono-big-integer-CVE-2007-5197.patch
+
 %description
 The Mono runtime implements a JIT engine for the ECMA CLI
 virtual machine (as well as a byte code interpreter, the
@@ -254,6 +256,8 @@
 %patch3 -p1 -b .libdir
 %patch4 -p1 -b .use-monodir
 
+%patch7 -p0 -b .big-integer
+
 %build
 %ifarch ia64 s390
 export CFLAGS="-O2 -fno-strict-aliasing"
@@ -557,6 +561,10 @@
 %gac_dll IBM.Data.DB2
 
 %changelog
+* Wed Nov  7 2007 Alexander Larsson <alexl at redhat.com> - 1.2.3-4
+- Fix overflow in Mono.Math.BigInteger class (#367531)
+  CVE-2007-5197
+
 * Sun Apr  1 2007 Matthias Clasen <mclasen at redhat.com> - 1.2.3-3
 - Fix a spec format error (#210633)

More information about the fedora-extras-commits mailing list