Hi, the CVE-2006-5864 fix (DSA 1214-1) was updated in DSA 1214-2 and I'd like to have the same patch in the etch package. The diff for etch/sid is here: diff -u gv-3.6.2/debian/patches/398292-CVE-2006-5864 gv-3.6.2/debian/patches/398292-CVE-2006-5864 --- gv-3.6.2/debian/patches/398292-CVE-2006-5864 +++ gv-3.6.2/debian/patches/398292-CVE-2006-5864 @@ -6,7 +6,7 @@ quoted=1; line++; while (*line && !(*line == ')' && level == 0 )) { -+ if (cp - text >= PSLINELENGTH - 1) ++ if (cp - text >= PSLINELENGTH - 2) + break; if (*line == '\\') { if (*(line+1) == 'n') { diff -u gv-3.6.2/debian/changelog gv-3.6.2/debian/changelog --- gv-3.6.2/debian/changelog +++ gv-3.6.2/debian/changelog @@ -1,3 +1,9 @@ +gv (1:3.6.2-3) unstable; urgency=high + + * Update fix for CVE-2006-5864 as in DSA 1214-2 (See: #398292). + + -- Christoph Berg <myon@debian.org> Fri, 5 Jan 2007 17:02:41 +0100 + gv (1:3.6.2-2) unstable; urgency=high * Apply patch by Werner Fink to fix ps_gettext() buffer overflow The corresponding diff in sarge: (note that the patch file was renamed, hence the lengthly output) reverted: --- gv-3.6.1/debian/patches/CVE-2006-5864.patch +++ gv-3.6.1.orig/debian/patches/CVE-2006-5864.patch 
@@ -1,27 +0,0 @@ -Only in gv-3.6.1: gv-3.6.1.orig -diff -aur gv-3.6.1.orig/src/ps.c gv-3.6.1/src/ps.c ---- gv-3.6.1.orig/src/ps.c 2004-12-08 00:55:59.000000000 +0100 -+++ gv-3.6.1/src/ps.c 2006-11-13 12:42:32.000000000 +0100 -@@ -1433,6 +1433,8 @@ - quoted=1; - line++; - while (*line && !(*line == ')' && level == 0 )) { -+ if (cp - text >= PSLINELENGTH - 1) -+ break; - if (*line == '\\') { - if (*(line+1) == 'n') { - *cp++ = '\n'; -@@ -1487,8 +1489,11 @@ - } - } - } else { -- while (*line && !(*line == ' ' || *line == '\t' || *line == '\n')) -+ while (*line && !(*line == ' ' || *line == '\t' || *line == '\n')) { -+ if (cp - text >= PSLINELENGTH - 2) -+ break; - *cp++ = *line++; -+ } - } - *cp = '\0'; - if (next_char) *next_char = line; -Only in gv-3.6.1/src: ps.c~ diff -u gv-3.6.1/debian/changelog gv-3.6.1/debian/changelog --- gv-3.6.1/debian/changelog +++ gv-3.6.1/debian/changelog @@ -1,3 +1,10 @@ +gv (1:3.6.1-10sarge2) stable-security; urgency=high + + * Fix patch application breakage + * Also extent patch for corner case previously unhandled + + -- Moritz Muehlenhoff <jmm@debian.org> Sun, 24 Dec 2006 16:42:29 +0000 + gv (1:3.6.1-10sarge1) stable-security; urgency=high * NMU by the Security Team: only in patch2: unchanged: --- gv-3.6.1.orig/debian/patches/CVE-2006-5864.diff +++ gv-3.6.1/debian/patches/CVE-2006-5864.diff 
@@ -0,0 +1,27 @@ +Only in gv-3.6.1: gv-3.6.1.orig +diff -aur gv-3.6.1.orig/src/ps.c gv-3.6.1/src/ps.c +--- gv-3.6.1.orig/src/ps.c 2004-12-08 00:55:59.000000000 +0100 ++++ gv-3.6.1/src/ps.c 2006-11-13 12:42:32.000000000 +0100 +@@ -1433,6 +1433,8 @@ + quoted=1; + line++; + while (*line && !(*line == ')' && level == 0 )) { ++ if (cp - text >= PSLINELENGTH - 2) ++ break; + if (*line == '\\') { + if (*(line+1) == 'n') { + *cp++ = '\n'; +@@ -1487,8 +1489,11 @@ + } + } + } else { +- while (*line && !(*line == ' ' || *line == '\t' || *line == '\n')) ++ while (*line && !(*line == ' ' || *line == '\t' || *line == '\n')) { ++ if (cp - text >= PSLINELENGTH - 2) ++ break; + *cp++ = *line++; ++ } + } + *cp = '\0'; + if (next_char) *next_char = line; +Only in gv-3.6.1/src: ps.c~ Christoph -- cb@df7cb.de | http://www.df7cb.de/
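Review bot: In the quoted-string loop of the updated 398292-CVE-2006-5864 patch (the `@@ -6,7 +6,7 @@` hunk), the new bound `PSLINELENGTH - 2` is a bare constant with no comment on why two bytes of headroom are needed where one was thought enough, and the check runs only once per iteration at the top of the loop. Please add a comment stating which writes the slack accounts for (the visible body stores through `*cp++ = '\n';` and `*cp = '\0';` follows the loops), so the next person does not have to rediscover the off-by-one. This etch/sid diff touches only the quoted loop, so please also confirm that the unquoted loop in the same patch file already checks against `PSLINELENGTH - 2`, as the sarge version does.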
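Review bot: In both ps.c hunks (`-1433,6` and `-1487,8`), hitting the limit does a plain `break`, so the text is truncated silently and the later `if (next_char) *next_char = line;` hands the caller a pointer into the middle of the overlong token or quoted string. The next call then parses the tail of that token as if it were new input. Consider continuing to consume input without storing it until the normal loop terminator is reached, so the caller resumes at a token boundary, and consider reporting the truncation.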
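Review bot: The 1:3.6.1-10sarge2 changelog entry names neither the CVE nor the bug number, unlike the 1:3.6.2-3 entry, which cites CVE-2006-5864 and #398292. "Fix patch application breakage" and "Also extent patch for corner case previously unhandled" do not say what broke or which case is meant; "extent" should read "extend", and the entry should state that the quoted-string bound moved from `PSLINELENGTH - 1` to `PSLINELENGTH - 2`, since that is the only code difference between the reverted and the new patch file.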
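Review bot: The new debian/patches/CVE-2006-5864.diff still carries `Only in gv-3.6.1: gv-3.6.1.orig` and `Only in gv-3.6.1/src: ps.c~` from the raw `diff -aur` output, including a reference to an editor backup file. Regenerate the patch against a clean tree or strip those lines, and if the rename from CVE-2006-5864.patch to CVE-2006-5864.diff is what fixes the application breakage, say so in the changelog, because the rename makes the interdiff show the whole file as removed and re-added and hides the one-line change.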