Martin v. Löwis wrote:
>
Can you identify the revisions that would need backporting?
>
I could only find (trunk revisions)
CVE-2007-4965: r65880
CVE-2008-1721: r62235, issue2586
CVE-2008-3144: issue2588, issue2589, r63734, r63728.
CVE-2008-1887: issue2587, r62261, r62271
CVE-2008-4864: r66689
>
So what about
>
CVE-2008-1679: claimed to be issue1179 in the CVE, but
that says it fixes CVE-2007-4965 only?
The original fix for CVE-2007-4965 did miss two chunks, which are included in
r65878 on the 2.5 branch.
This is r65334 on the 2.5 branch and r65335 on the trunk:
Security patches from Apple: prevent int overflow when allocating memory
This was already checked in, with an added NEWS item in 2.4.5. Moved this
to 2.4.6.
Done.
>I would like to apply fixes for some CVEs which are addressed in 2.5 but not
>yet in 2.4. This would include
>>
>CVE-2007-4965
>CVE-2008-1679
>CVE-2008-1721
>CVE-2008-2315
>CVE-2008-3144
>CVE-2008-1887
>CVE-2008-4864
CVE-2008-2315
Security patches from Apple: prevent int overflow when allocating memory
This was already checked in, with an added NEWS item in 2.4.5. Moved this
to 2.4.6.
In principle, this is fine with me, so go ahead.