Cherry-pick security-relevant fixes from upstream imath library.

Noah Misch <noah@leadboat.com>

Commit: 258e294dbbd8cb55b7825759adee3156f6aaa744
Author: Noah Misch <noah@leadboat.com>
Date: 2015-02-02T15:00:49Z
Releases: 9.4.1
Cherry-pick security-relevant fixes from upstream imath library.

This covers alterations to buffer sizing and zeroing made between imath
1.3 and imath 1.20.  Valgrind Memcheck identified the buffer overruns
and reliance on uninitialized data; their exploit potential is unknown.
Builds specifying --with-openssl are unaffected, because they use the
OpenSSL BIGNUM facility instead of imath.  Back-patch to 9.0 (all
supported versions).

Security: CVE-2015-0243

Files

PathChange+/−
contrib/pgcrypto/imath.c modified +15 −9