Date: Sat, 9 Apr 2011 11:03:04 +0000 (UTC) From: "Bjoern A. Zeeb" <bz@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sys/netinet6 ipcomp_input.c src/sys/netipsec xform_ipcomp.c Message-ID: <201104091103.p39B3Wku048437@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
bz 2011-04-09 11:03:04 UTC FreeBSD src repository Modified files: (Branch: RELENG_6) sys/netinet6 ipcomp_input.c sys/netipsec xform_ipcomp.c Log: SVN rev 220485 on 2011-04-09 11:03:04Z by bz MFC r220247: Do not allow directly recursive RFC3173 IPComp payload. While IPv6 does count iterations over next headers in ip6_input, we still disallow directly recursive IPComp payload in the KAME code. Security: CVE-2011-1547 Revision Changes Path 1.8.2.2 +26 -1 src/sys/netinet6/ipcomp_input.c 1.8.2.8 +21 -0 src/sys/netipsec/xform_ipcomp.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201104091103.p39B3Wku048437>