Package: release.debian.org Severity: normal Tags: squeeze User: release.debian.org@packages.debian.org Usertags: pu Hi, catfish currently has 4 unfixed CVE bugs that affect the version in squeeze. All of them were deemed to be minor issues (no DSA) according to the security tracker, so I'd like to fix them via an upload to oldstable instead. Debdiff is attached below. diff -u catfish-0.3.2/debian/changelog catfish-0.3.2/debian/changelog --- catfish-0.3.2/debian/changelog +++ catfish-0.3.2/debian/changelog @@ -1,3 +1,10 @@ +catfish (0.3.2-1+deb6u1) squeeze; urgency=medium + + * Add 50Fix_cve.dpatch. Closes: #739958 + - CVE-2014-2093 CVE-2014-2094 CVE-2014-2095 CVE-2014-2096 + + -- Jackson Doak <noskcaj@ubuntu.com> Tue, 15 Apr 2014 08:00:38 +1000 + catfish (0.3.2-1) unstable; urgency=low [ Marco Rodrigues ] diff -u catfish-0.3.2/debian/patches/00list catfish-0.3.2/debian/patches/00list --- catfish-0.3.2/debian/patches/00list +++ catfish-0.3.2/debian/patches/00list @@ -2,0 +3 @@ +50Fix_cve.dpatch only in patch2: unchanged: --- catfish-0.3.2.orig/debian/patches/50Fix_cve.dpatch +++ catfish-0.3.2/debian/patches/50Fix_cve.dpatch @@ -0,0 +1,22 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' catfish-0.3.2~/catfish.py catfish-0.3.2/catfish.py +--- a/catfish.in 2013-02-13 02:45:27 +0000 ++++ b/catfish.in 2014-02-28 04:26:26 +0000 +@@ -1,14 +1,2 @@ + #!/usr/bin/env bash +- +-APPNAME=catfish +- +-if [ -e $APPNAME.pyc ] +- then python $APPNAME.pyc "$@" +- else +- if [ -e $APPNAME.py ] +- then python $APPNAME.py "$@" +- else +- cd %prefix%/share/$APPNAME +- python $APPNAME.pyc "$@" +- fi +- fi ++%python% %prefix%/share/catfish/bin/catfish.py "$@"