Bug#742313: wheezy-pu: package catfish/0.3.2-2+deb7u1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#742313: wheezy-pu: package catfish/0.3.2-2+deb7u1
From: Vincent Cheng <vcheng@debian.org>
Date: Sat, 22 Mar 2014 01:17:03 -0700
Message-id: <[🔎] 20140322081703.23306.59591.reportbug@vincent-tlaptop>
Reply-to: Vincent Cheng <vcheng@debian.org>, 742313@bugs.debian.org

Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

catfish currently has 4 unfixed CVE bugs that affect the version in wheezy. All
of them were deemed to be minor issues (no DSA) according to the security
tracker, so I'd like to fix them via an upload to stable instead. Debdiff is
attached below.

Jackson: I'll leave it to you to file a bug requesting an upload to squeeze,
just so you know how to handle bugs like this in the future. Ping me for an
upload when approved by the release team.


diff -u catfish-0.3.2/debian/changelog catfish-0.3.2/debian/changelog
--- catfish-0.3.2/debian/changelog
+++ catfish-0.3.2/debian/changelog
@@ -1,3 +1,10 @@
+catfish (0.3.2-2+deb7u1) stable; urgency=medium
+
+  * Add 50Fix_cve.dpatch. Closes: #739958
+    - CVE-2014-2093 CVE-2014-2094 CVE-2014-2095 CVE-2014-2096
+
+ -- Jackson Doak <noskcaj@ubuntu.com>  Sat, 01 Mar 2014 08:05:44 +1100
+
 catfish (0.3.2-2) unstable; urgency=low
 
   * Team upload.
diff -u catfish-0.3.2/debian/patches/00list catfish-0.3.2/debian/patches/00list
--- catfish-0.3.2/debian/patches/00list
+++ catfish-0.3.2/debian/patches/00list
@@ -4,0 +5 @@
+50Fix_cve.dpatch
\ No newline at end of file
only in patch2:
unchanged:
--- catfish-0.3.2.orig/debian/patches/50Fix_cve.dpatch
+++ catfish-0.3.2/debian/patches/50Fix_cve.dpatch
@@ -0,0 +1,22 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+
+@DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' catfish-0.3.2~/catfish.py catfish-0.3.2/catfish.py
+--- a/catfish.in   2013-02-13 02:45:27 +0000
++++ b/catfish.in   2014-02-28 04:26:26 +0000
+@@ -1,14 +1,2 @@
+ #!/usr/bin/env bash
+-
+-APPNAME=catfish
+-
+-if [ -e $APPNAME.pyc ]
+-    then python $APPNAME.pyc "$@"
+-    else
+-        if [ -e $APPNAME.py ]
+-            then python $APPNAME.py "$@"
+-            else
+-                cd %prefix%/share/$APPNAME
+-                python $APPNAME.pyc "$@"
+-        fi
+-    fi
++%python% %prefix%/share/catfish/bin/catfish.py "$@"

Regards,
Vincent

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (700, 'testing'), (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.13-5-vclaptop-amd64 (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Reply to:

Prev by Date: Bug#742263: squeeze-pu: package lcms2/2.2+git20110628-2.2+deb7u1
Next by Date: Re: BTS and UDD disagrees on the number of RC bugs in stable
Previous by thread: Processed: Re: Bug#742263: squeeze-pu: package lcms2/2.2+git20110628-2.2+deb7u1
Next by thread: Bug#733744: marked as done (transition: libdvbpsi)
Index(es):
- Date
- Thread