
Updated nas (1.8 -> 1.9.1) : SECURITY - CRITICAL

CVE-2007-1543 (High) :
Stack-based buffer overflow in the accept_att_local function in server/os/connection.c in Network
Audio System (NAS) before 1.8a SVN 237 allows remote attackers to execute arbitrary code via a
long path slave name in a USL socket connection.

CVE-2007-1544 (Medium) :
Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio
System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via a large max_samples value.

CVE-2007-1545 (Medium) :
The AddResource function in server/dia/resource.c in Network Audio System (NAS) before 1.8a
SVN 237 allows remote attackers to cause a denial of service (server crash) via a nonexistent
client ID.

CVE-2007-1546 (Medium) :
Array index error in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to
cause a denial of service (crash) via (1) large num_action values in the ProcAuSetElements
function in server/dia/audispatch.c or (2) a large inputNum parameter to the compileInputs function
in server/dia/auutil.c.

CVE-2007-1547 (High) :
The ReadRequestFromClient function in server/os/io.c in Network Audio System (NAS) before
1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via multiple
simultaneous connections, which triggers a NULL pointer dereference.
early
Aldas Nabazas 17 years ago
parent
commit
84c4ca2121
  1. 87
      audio/nas/X11R7.patch
  2. 6
      audio/nas/nas.desc

87
audio/nas/X11R7.patch

@ -1,87 +0,0 @@
# --- SDE-COPYRIGHT-NOTE-BEGIN ---
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
#
# Filename: package/.../nas/X11R7.patch
# Copyright (C) 2004 - 2006 The T2 SDE Project
#
# More information can be found in the files COPYING and README.
#
# This patch file is dual-licensed. It is available under the license the
# patched project is licensed under, as long as it is an OpenSource license
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
# of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
# --- SDE-COPYRIGHT-NOTE-END ---
--- nas-1.7/Makefile 2002-01-20 20:51:24.000000000 +0100
+++ nas-1.7-fixed/Makefile 2005-11-04 15:40:22.000000000 +0100
@@ -71,11 +71,11 @@
IMAKESRC = $(CONFIGSRC)/imake
DEPENDSRC = $(CONFIGSRC)/makedepend
- INCROOT = /usr/X11R6/include
- USRLIBDIR = /usr/X11R6/lib
- SHLIBDIR = /usr/X11R6/lib
+ INCROOT = /usr/X11/include
+ USRLIBDIR = /usr/X11/lib
+ SHLIBDIR = /usr/X11/lib
LINTLIBDIR = $(USRLIBDIR)/lint
- MANPATH = /usr/X11R6/man
+ MANPATH = /usr/X11/man
MANSOURCEPATH = $(MANPATH)/man
MANDIR = $(MANSOURCEPATH)1
LIBMANDIR = $(MANSOURCEPATH)3
@@ -171,7 +171,7 @@
INSTDATFLAGS = -m 0444
INSTKMEMFLAGS = -s -m 4711
- PROJECTROOT = /usr/X11R6
+ PROJECTROOT = /usr/X11
CDEBUGFLAGS = -O3 -mpentium -mieee-fp -fbuiltin
CCOPTIONS = -pipe
@@ -223,7 +223,7 @@
# X Window System make variables; these need to be coordinated with rules
XTOP = $(XPROJECTROOT)
- BINDIR = /usr/X11R6/bin
+ BINDIR = /usr/X11/bin
BUILDINCROOT = $(TOP)/exports
BUILDINCDIR = $(BUILDINCROOT)/include
BUILDINCTOP = ../..
@@ -286,7 +286,7 @@
TRANSCOMMSRC = $(LIBSRC)/xtrans
TRANS_INCLUDES = -I$(TRANSCOMMSRC)
- XPROJECTROOT = /usr/X11R6
+ XPROJECTROOT = /usr/X11
XENVLIBDIR = $(USRLIBDIR)
CLIENTENVSETUP = XLOCALEDIR=$(XBUILDINCROOT)/lib/locale LD_LIBRARY_PATH=$(DTENVLIBDIR):$(OGLENVLIBDIR):$(MOTIFENVLIBDIR):$(XENVLIBDIR)
@@ -492,7 +492,7 @@
MOTIFENVLIBDIR = $(USRLIBDIR)
- USRINCDIR = /usr/X11R6/include
+ USRINCDIR = /usr/X11/include
UIDDIR = $(LIBDIR)/uid
TESTSRC = $(MTOP)/tests
TESTLIB = $(TESTSRC)/lib
@@ -524,7 +524,7 @@
MRESOURCESRC = $(MLIBSRC)/Mrm
UILSRC = $(MCLIENTSRC)/uil
- MPROJECTROOT = /usr/X11R6
+ MPROJECTROOT = /usr/X11
UIL = uil
DEPUIL = $(BINDIR)/uil
@@ -584,7 +584,7 @@
OGLENVLIBDIR = OBuildLibPath
- OPROJECTROOT = /usr/X11R6
+ OPROJECTROOT = /usr/X11
SOGLREV = 1.1
DEPGLLIB =
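
Review bot: the removal of audio/nas/X11R7.patch is not explained in the commit message, which covers only the version bump and the CVEs. The deleted patch was written against nas-1.7/Makefile and rewrote the hardcoded /usr/X11R6 values (INCROOT, USRLIBDIR, SHLIBDIR, MANPATH, PROJECTROOT, BINDIR, XPROJECTROOT, USRINCDIR, MPROJECTROOT, OPROJECTROOT) to /usr/X11. Please state whether 1.9.1 no longer needs this rewrite or carry an equivalent forward, and confirm that the built package does not install under /usr/X11R6.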

6
audio/nas/nas.desc

@ -3,7 +3,7 @@
[COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch.
[COPY]
[COPY] Filename: package/.../nas/nas.desc
[COPY] Copyright (C) 2006 The OpenSDE Project
[COPY] Copyright (C) 2006 - 2008 The OpenSDE Project
[COPY] Copyright (C) 2004 - 2006 The T2 SDE Project
[COPY] Copyright (C) 1998 - 2004 Clifford Wolf
[COPY]
@ -32,10 +32,10 @@
[L] MIT
[S] Stable
[V] 1.8
[V] 1.9.1
[P] X -----5---9 122.400
[CV-URL] http://radscan.com/nas.html
[D] 3624209591 nas-1.8.src.tar.gz http://radscan.com/nas/
[D] 3255584881 nas-1.9.1.src.tar.gz http://dl.sourceforge.net/sourceforge/nas/
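
Review bot: the new [D] line changes the tarball, its checksum and the download host (radscan.com to dl.sourceforge.net) in one step, and the URL is still plain http, so the short decimal checksum on that line carries the integrity of the source for a security update. Please confirm that 3255584881 was computed from a nas-1.9.1.src.tar.gz checked against the upstream release rather than from whatever the mirror served at build time. [CV-URL] still points at http://radscan.com/nas.html while downloads now come from SourceForge, which is worth a line in the commit message so the two locations are not mistaken for an oversight.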
