commit e92aca8059201ace279c4fcf3d579d90b4ca4c33
Author: Chris Wright <chrisw@sous-sol.org>
Date:   Fri Jun 6 16:05:04 2008 -0700

    Linux 2.6.25.5

commit 33afb8403f361919aa5c8fe1d0a4f5ddbfbbea3c
Author: Chris Wright <chrisw@sous-sol.org>
Date:   Wed Jun 4 09:16:33 2008 -0700

    asn1: additional sanity checking during BER decoding (CVE-2008-1673)
    
    upstream commit: ddb2c43594f22843e9f3153da151deaba1a834c5
    
    - Don't trust a length which is greater than the working buffer.
      An invalid length could cause overflow when calculating buffer size
      for decoding oid.
    
    - An oid length of zero is invalid and allows for an off-by-one error when
      decoding oid because the first subid actually encodes first 2 subids.
    
    - A primitive encoding may not have an indefinite length.
    
    Thanks to Wei Wang from McAfee for report.
    
    Cc: Steven French <sfrench@us.ibm.com>
    Cc: stable@kernel.org
    Acked-by: Patrick McHardy <kaber@trash.net>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>