On Fri, Jun 03, 2005 at 08:29:52PM -0400, Daniel Jacobowitz wrote: > On Fri, Jun 03, 2005 at 05:19:20PM -0700, Steve Langasek wrote: > > Ok, here's a rundown of issues I know are outstanding at this point, that we > > need to try to get cleaned up before release: > > > > snort 2.3.2-3 (bug #311257, bug #311263): missing build on hppa; serious > > bugs only; could be pushed in on all archs but hppa and synced up at point > > release time. > > > > openldap2.2 2.2.23-8 (bug #255276, #308234): missing build on hppa; rather > > ugly bugs, but again we could sync archs in a point release. > > > > samba 3.0.14a-4 (bug #310982): missing build on mipsel; security fix, can be > > synced after release. > > If you're syncing security fixes missing on only one architecture, > should gdb 6.3-6 go in also? i'd have... ahem.. curl with #310948 (it _was_ grave :}), going into archive tomorrow... :} $ debdiff curl_7.13.2-2.dsc curl_7.13.2-3.dsc diff -u curl-7.13.2/debian/changelog curl-7.13.2/debian/changelog --- curl-7.13.2/debian/changelog +++ curl-7.13.2/debian/changelog @@ -1,3 +1,10 @@ +curl (7.13.2-3) unstable; urgency=high + + * HTTP response headers with null bytes are now correctly managed + (closes: #310948). + + -- Domenico Andreoli <cavok@debian.org> Fri, 3 Jun 2005 23:59:30 +0200 + curl (7.13.2-2) unstable; urgency=low * Fixed conditional build of package libcurl3-gssapi only in patch2: unchanged: --- curl-7.13.2.orig/lib/transfer.c +++ curl-7.13.2/lib/transfer.c @@ -355,7 +355,7 @@ /* str_start is start of line within buf */ k->str_start = k->str; - k->end_ptr = strchr (k->str_start, '\n'); + k->end_ptr = memchr(k->str_start, '\n', nread); if (!k->end_ptr) { /* Not a complete header line within buffer, append the data to @@ -423,7 +423,7 @@ } /* copy to end of line */ - strncpy (k->hbufp, k->str_start, full_length); + memcpy(k->hbufp, k->str_start, full_length); k->hbufp += full_length; k->hbuflen += full_length; *k->hbufp = 0; > Not a big deal if it doesn't. It's not important as security fixes go. same here. cheers domenico -----[ Domenico Andreoli, aka cavok --[ http://people.debian.org/~cavok/gpgkey.asc ---[ 3A0F 2F80 F79C 678A 8936 4FEE 0677 9033 A20E BC50
Attachment:
signature.asc
Description: Digital signature