
Bug#698619: unblock: swath/0.4.3-3



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package swath

It fixes a potential security hole.
(The security team has been contacted for a stable version fix.)

The debdiff has been attached for your review.

unblock swath/0.4.3-3

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=th_TH.utf8, LC_CTYPE=th_TH.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru swath-0.4.3/debian/changelog swath-0.4.3/debian/changelog
--- swath-0.4.3/debian/changelog	2012-08-10 17:54:12.000000000 +0700
+++ swath-0.4.3/debian/changelog	2013-01-16 22:42:14.000000000 +0700
@@ -1,3 +1,12 @@
+swath (0.4.3-3) unstable; urgency=medium
+
+  * Urgency medium for security fix.
+  * debian/patches/01_buffer-overflow.patch: backport patch from upstream
+    to fix potential buffer overflow in Mule mode.
+    Thanks Dominik Maier for the report. (Closes: #698189)
+
+ -- Theppitak Karoonboonyanan <thep@debian.org>  Wed, 16 Jan 2013 22:34:04 +0700
+
 swath (0.4.3-2) unstable; urgency=low
 
   * Build with xz compression.
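
Review bot: the new 0.4.3-3 changelog stanza identifies the fix only as a "potential buffer overflow in Mule mode", which gives release and security reviewers nothing to trace without opening the patch. Consider naming the affected file (src/wordseg.cpp) and the upstream revision that the patch header's Origin field already cites (rev 238) in the same bullet, next to the existing Closes: #698189.
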
diff -Nru swath-0.4.3/debian/patches/01_buffer-overflow.patch swath-0.4.3/debian/patches/01_buffer-overflow.patch
--- swath-0.4.3/debian/patches/01_buffer-overflow.patch	1970-01-01 07:00:00.000000000 +0700
+++ swath-0.4.3/debian/patches/01_buffer-overflow.patch	2013-01-16 22:42:14.000000000 +0700
@@ -0,0 +1,22 @@
+Author: Theppitak Karoonboonyanan <thep@linux.thai.net>
+Description: Fix potential buffer overflow
+Origin: backport, http://linux.thai.net/websvn/wsvn/software.swath/trunk?op=revision&rev=238&peg=238
+Bug-Debian: http://bugs.debian.org/698189
+
+Index: swath/src/wordseg.cpp
+===================================================================
+--- swath.orig/src/wordseg.cpp	2012-02-08 15:45:57.893937559 +0700
++++ swath/src/wordseg.cpp	2013-01-16 22:08:29.341085326 +0700
+@@ -282,11 +282,7 @@
+     }
+   else
+     {
+-      char stopstr[20];
+-      if (muleMode)
+-        strcpy (stopstr, wbr);
+-      else
+-        stopstr[0] = '\0';
++      const char *stopstr = muleMode ? wbr : "";
+       for (;;)
+         {                       // read until end of file.
+           if (mode == 0)
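
Review bot: in the added line "const char *stopstr = muleMode ? wbr : "";", stopstr becomes an alias of wbr instead of the private copy that the removed strcpy into char stopstr[20] produced, and the visible context does not show how stopstr is used inside the for (;;) loop. Before accepting, confirm that nothing in the loop writes through stopstr (the const qualifier will turn any such write into a compile error, so a clean build is a useful check) and that wbr is neither modified nor released while the loop runs, since a change to wbr is now visible through stopstr. The Description field could also state the root cause, an unbounded copy of wbr into a 20-byte stack buffer, so the backport is self-explanatory to the stable security team.
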
diff -Nru swath-0.4.3/debian/patches/series swath-0.4.3/debian/patches/series
--- swath-0.4.3/debian/patches/series	1970-01-01 07:00:00.000000000 +0700
+++ swath-0.4.3/debian/patches/series	2013-01-16 22:42:14.000000000 +0700
@@ -0,0 +1 @@
+01_buffer-overflow.patch