Bug#692068: unblock: elinks/0.12~pre5-9
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package elinks. It fixes CVE-2012-4545.
debdiff attached.
unblock elinks/0.12~pre5-9
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -u elinks-0.12~pre5/debian/changelog elinks-0.12~pre5/debian/changelog
--- elinks-0.12~pre5/debian/changelog
+++ elinks-0.12~pre5/debian/changelog
@@ -1,3 +1,9 @@
+elinks (0.12~pre5-9) unstable; urgency=medium
+
+ * Fix CVE-2012-4545
+
+ -- Moritz Mühlenhoff <jmm@debian.org> Thu, 01 Nov 2012 10:53:19 +0100
+
elinks (0.12~pre5-8) unstable; urgency=low
* Apply patch from Guillem Jover to switch to Lua 5.1, thanks!
only in patch2:
unchanged:
--- elinks-0.12~pre5.orig/debian/patches/10-CVE-2012-4545.diff
+++ elinks-0.12~pre5/debian/patches/10-CVE-2012-4545.diff
@@ -0,0 +1,17 @@
+da18694ff7dd0b67dfcb3c417fb0579b1e7d02d7
+
+Fixes CVE-2012-4545
+
+diff --git a/src/protocol/http/http_negotiate.c b/src/protocol/http/http_negotiate.c
+index 470b071..271b443 100644
+--- a/src/protocol/http/http_negotiate.c
++++ b/src/protocol/http/http_negotiate.c
+@@ -188,7 +188,7 @@ http_negotiate_create_context(struct negotiate *neg)
+ &neg->context,
+ neg->server_name,
+ GSS_C_NO_OID,
+- GSS_C_DELEG_FLAG,
++ 0,
+ 0,
+ GSS_C_NO_CHANNEL_BINDINGS,
+ &neg->input_token,
Reply to: