security fixes for 2.5.6

Ari Pollak ari at
Tue May 12 22:28:56 EDT 2009

Josh Bressers wrote:
>>> 8331e31a fixes a buffer overflow when initiating file transfer with a
>>> client and it sends back malformed response
> Use CVE-2009-1373 for this one.

I've munged this patch to apply cleanly on top of 2.4.3 and removed the
debugging changes. Feel free to tell me if I've missed something
glaring, since I'm not familiar with the bug.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 30_CVE-2009-1373.patch
Type: text/x-patch
Size: 1685 bytes
Desc: not available
Url : 

More information about the Packagers mailing list