On Sun, Oct 03, 2010 at 12:25:11PM +0100, Adam D. Barratt wrote:
> On Fri, 2010-10-01 at 23:53 +0200, Serafeim Zanikolas wrote:
> > +bogofilter (1.1.7-1+lenny1) stable; urgency=high
> +
> + * Apply patch from Julius Plenz <plenz@cis.fu-berlin.de> to prevent possible
> + heap corruption due to a bug in the base64_decode function (CVE-2010-2494,
> + aka bogofilter-SA-2010-01). Setting urgency=high, but uploading to stable
> + because the issue does not warrant a DSA. closes: #588090.
>
> This looks fine, thanks.
>
> > + * Build-Depend on quilt
>
> This, otoh, is not. For a stable update, adding, removing or changing
> patch systems is not appropriate. Please apply the changes directly to
> the source and send us an updated debdiff for final approval.

Sorry about that. interdiff output attached.

Cheers,
Serafeim
diff -u bogofilter-1.1.7/debian/control bogofilter-1.1.7/debian/control --- bogofilter-1.1.7/debian/control +++ bogofilter-1.1.7/debian/control @@ -1,7 +1,7 @@ Source: bogofilter Section: mail Priority: optional -Maintainer: Clint Adams <schizo@debian.org> +Maintainer: Serafeim Zanikolas <sez@debian.org> Build-Depends: libdb-dev (>= 4.6.19-1), libgsl0-dev, libsqlite3-dev, libqdbm-dev, libtokyocabinet-dev Standards-Version: 3.7.3 diff -u bogofilter-1.1.7/debian/changelog bogofilter-1.1.7/debian/changelog --- bogofilter-1.1.7/debian/changelog +++ bogofilter-1.1.7/debian/changelog @@ -1,3 +1,13 @@ +bogofilter (1.1.7-1+lenny1) stable; urgency=high + + * Apply patch from Julius Plenz <plenz@cis.fu-berlin.de> to prevent possible + heap corruption due to a bug in the base64_decode function (CVE-2010-2494, + aka bogofilter-SA-2010-01). Setting urgency=high, but uploading to stable + because the issue does not warrant a DSA. closes: #588090. + * Update maintainer field in debian/control. + + -- Serafeim Zanikolas <sez@debian.org> Mon, 20 Sep 2010 08:35:46 +0000 + bogofilter (1.1.7-1) unstable; urgency=low * New upstream release. only in patch2: unchanged: --- bogofilter-1.1.7.orig/src/base64.c +++ bogofilter-1.1.7/src/base64.c @@ -61,8 +61,10 @@ d[i] = c; v = v >> 8; } - d += 3 - shorten; - count += 3 - shorten; + if(shorten != 4) { + d += 3 - shorten; + count += 3 - shorten; + } } /* XXX do we need this NUL byte? */ if (word->leng)
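Review bot: In the debian/changelog hunk, the first bullet does not name the file that was changed. Since the fix is applied directly to the source rather than through a patch system, mentioning src/base64.c in that bullet would let someone reading only the changelog locate the change. The sentence "Setting urgency=high, but uploading to stable because the issue does not warrant a DSA" would also read more clearly as two statements, because the urgency and the choice of a stable upload over a DSA are separate decisions.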
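Review bot: The new guard `if(shorten != 4)` in the src/base64.c hunk uses an unexplained magic value and excludes only that single value, while `3 - shorten` is negative for any shorten above 3 and would move `d` and `count` backwards. If 4 is the only out-of-range value shorten can hold at this point, a comment stating what it means would help; otherwise test `shorten < 4` so the pointer and the count can never be decremented. The `d[i] = c;` store in the loop just above sits outside the guard, so it is worth confirming that the loop writes nothing when shorten is 4. Style: put a space between `if` and the parenthesis.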