[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#698619: marked as done (unblock: swath/0.4.3-3)

Your message dated Mon, 21 Jan 2013 09:18:51 +0000
with message-id <bd0d34501a1500b4c018cd1ea28f553a@mail.adsl.funky-badger.org>
and subject line Re: Bug#698619: unblock: swath/0.4.3-3
has caused the Debian Bug report #698619,
regarding unblock: swath/0.4.3-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
698619: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698619
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package swath

It fixes potential security hole.
(Security team has been contacted for stable version fix.)

The debdiff has been attached for your review.

unblock swath/0.4.3-3

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=th_TH.utf8, LC_CTYPE=th_TH.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


diff -Nru swath-0.4.3/debian/changelog swath-0.4.3/debian/changelog
--- swath-0.4.3/debian/changelog	2012-08-10 17:54:12.000000000 +0700
+++ swath-0.4.3/debian/changelog	2013-01-16 22:42:14.000000000 +0700
@@ -1,3 +1,12 @@
+swath (0.4.3-3) unstable; urgency=medium
+
+  * Urgency medium for security fix.
+  * debian/patches/01_buffer-overflow.patch: backport patch from upstream
+    to fix potential buffer overflow in Mule mode.
+    Thanks Dominik Maier for the report. (Closes: #698189)
+
+ -- Theppitak Karoonboonyanan <thep@debian.org>  Wed, 16 Jan 2013 22:34:04 +0700
+
 swath (0.4.3-2) unstable; urgency=low
 
   * Build with xz compression.
diff -Nru swath-0.4.3/debian/patches/01_buffer-overflow.patch swath-0.4.3/debian/patches/01_buffer-overflow.patch
--- swath-0.4.3/debian/patches/01_buffer-overflow.patch	1970-01-01 07:00:00.000000000 +0700
+++ swath-0.4.3/debian/patches/01_buffer-overflow.patch	2013-01-16 22:42:14.000000000 +0700
@@ -0,0 +1,22 @@
+Author: Theppitak Karoonboonyanan <thep@linux.thai.net>
+Description: Fix potential buffer overflow
+Origin: backport, http://linux.thai.net/websvn/wsvn/software.swath/trunk?op=revision&rev=238&peg=238
+Bug-Debian: http://bugs.debian.org/698189
+
+Index: swath/src/wordseg.cpp
+===================================================================
+--- swath.orig/src/wordseg.cpp	2012-02-08 15:45:57.893937559 +0700
++++ swath/src/wordseg.cpp	2013-01-16 22:08:29.341085326 +0700
+@@ -282,11 +282,7 @@
+     }
+   else
+     {
+-      char stopstr[20];
+-      if (muleMode)
+-        strcpy (stopstr, wbr);
+-      else
+-        stopstr[0] = '\0';
++      const char *stopstr = muleMode ? wbr : "";
+       for (;;)
+         {                       // read until end of file.
+           if (mode == 0)
diff -Nru swath-0.4.3/debian/patches/series swath-0.4.3/debian/patches/series
--- swath-0.4.3/debian/patches/series	1970-01-01 07:00:00.000000000 +0700
+++ swath-0.4.3/debian/patches/series	2013-01-16 22:42:14.000000000 +0700
@@ -0,0 +1 @@
+01_buffer-overflow.patch

--- End Message ---
--- Begin Message --- 
On 21.01.2013 09:07, Theppitak Karoonboonyanan wrote:

Please unblock package swath

It fixes potential security hole.


Unblocked; thanks.

Regards,

Adam

--- End Message ---
Reply to: