Patches for CVE-2013-0242 and CVE-2013-1914

1 files changed, 10 insertions, 1 deletions

diff --git a/current/glibc/glibc-multilib.SlackBuild b/current/glibc/glibc-multilib.SlackBuild
index db93fa2..1795ba5 100755
--- a/current/glibc/glibc-multilib.SlackBuild
+++ b/current/glibc/glibc-multilib.SlackBuild
@@ -30,7 +30,7 @@
 
 VERSION=${VERSION:-2.17}
 CHECKOUT=${CHECKOUT:-""}
-BUILD=${BUILD:-1alien}
+BUILD=${BUILD:-2alien}
 
 ## Included in glibc now:
 ## glibc-libidn version
@@ -193,6 +193,15 @@ apply_patches() {
   # Avoid the Intel optimized asm routines for now because they break
   # the flash player.  We'll phase this in when it's safer to do so.
   zcat $CWD/glibc.disable.broken.optimized.memcpy.diff.gz | patch -p1 --verbose || exit 1
+  # Fix buffer overrun in regexp matcher.  This bug is deemed low impact since
+  # the buffer contents cannot be controlled, but could lead to a crash.
+  zcat $CWD/glibc.CVE-2013-0242.diff.gz | patch -p1 --verbose || exit 1
+  # Fix stack overflow in getaddrinfo with many results.  This bug can only be
+  # triggered through DNS poisoning or through the use of a hostile DNS
+  # server (in which case you already have problems), and requires large
+  # amounts of data to be sent to the targeted machine.  May lead to a
+  # crash.  Considered low impact.
+  zcat $CWD/glibc.CVE-2013-1914.diff.gz | patch -p1 --verbose || exit 1
   if [ $BOOTSTRP -eq 1 ] ; then
     # Multilib - Disable check for forced unwind (Patch from eglibc) since we
     # do not have a multilib glibc yet to link to;