--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package bibtool. It fixes a buffer overflow w/o
CVE ID.
unblock bibtool/2.57+ds-3
debdiff:
diff -Nru bibtool-2.57+ds/debian/changelog bibtool-2.57+ds/debian/changelog
--- bibtool-2.57+ds/debian/changelog 2014-10-22 01:46:28.000000000 +0200
+++ bibtool-2.57+ds/debian/changelog 2015-03-04 13:13:27.000000000 +0100
@@ -1,3 +1,9 @@
+bibtool (2.57+ds-3) unstable; urgency=medium
+
+ * buffer overflow security fix (Closes: #779573).
+
+ -- Jerome Benoit <calculus@rezozer.net> Wed, 04 Mar 2015 07:28:23 +0000
+
bibtool (2.57+ds-2) unstable; urgency=medium
* fix location of documentation for texdoc
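Review bot: The new entry's single bullet, "buffer overflow security fix", does not say which patch carries the fix or which source files it touches. Naming debian/patches/security_fix-heap_buffer_overflow.patch and the two upstream commits it was extracted from (they are already listed in the patch header) would let someone reading only the changelog trace the change.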
diff -Nru bibtool-2.57+ds/debian/gbp.conf bibtool-2.57+ds/debian/gbp.conf
--- bibtool-2.57+ds/debian/gbp.conf 1970-01-01 01:00:00.000000000 +0100
+++ bibtool-2.57+ds/debian/gbp.conf 2015-03-04 13:13:27.000000000 +0100
@@ -0,0 +1,2 @@
+[DEFAULT]
+debian-branch=jessie
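Review bot: This new debian/gbp.conf is not mentioned in the 2.57+ds-3 changelog entry, which lists only the security fix. For an unblock request, either add a changelog line for it or leave the file out so the debdiff matches what the entry documents.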
diff -Nru bibtool-2.57+ds/debian/patches/security_fix-heap_buffer_overflow.patch bibtool-2.57+ds/debian/patches/security_fix-heap_buffer_overflow.patch
--- bibtool-2.57+ds/debian/patches/security_fix-heap_buffer_overflow.patch 1970-01-01 01:00:00.000000000 +0100
+++ bibtool-2.57+ds/debian/patches/security_fix-heap_buffer_overflow.patch 2015-03-04 13:13:27.000000000 +0100
@@ -0,0 +1,31 @@
+Description: security fix: heap buffer overflow
+ Minimal version extracted by hand from uptream commits
+ c6ed92c556f28ca2c738972c647486f9e11424bf
+ and f23adeeb58e64a9e73b0f38c87684a2ce488feed
+ at https://github.com/ge-ne/bibtool/.
+Origin: upstream maintainer
+Author: Gerd Neugebauer <gene@gerd-neugebauer.de>
+Last-Update: 2015-03-04
+
+--- a/print.c
++++ b/print.c
+@@ -269,7 +269,7 @@
+ save_ptr = s; /* */
+ /* */
+ for(ptr = s; /* Search next newline */
+- ptr <= save_ptr && *ptr != '\n'; /* or end of region */
++ ptr < save_ptr && *ptr != '\n'; /* or end of region */
+ ptr++) {} /* */
+ /* */
+ if ( *ptr == '\n' ) /* */
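Review bot: The `if ( *ptr == '\n' )` test right after the loop still dereferences ptr when the loop stopped on the bound rather than on a newline. With the new `ptr < save_ptr` condition ptr can end equal to save_ptr, so that read is in bounds only if save_ptr itself addresses a readable byte, which the hunk does not show. Either guard the test with the same bound, or say in the patch header that save_ptr points at a byte inside the buffer, so the fix can be checked from the patch alone.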
+--- a/rewrite.c
++++ b/rewrite.c
+@@ -304,7 +304,7 @@
+ DebugPrint2("field = ",field); /* */
+ (void)SParseSkip(&s); /* */
+ /* */
+- if ( stackp > stacksize ) /* */
++ if ( stackp >= stacksize ) /* */
+ { stacksize += 8; /* */
+ if ( (stack=(Uchar**)realloc((char*)stack, /* */
+ stacksize*sizeof(char*)))==NULL)/* */
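Review bot: In the growth branch, `stacksize += 8` runs before the realloc result is checked, and the result is assigned straight back to `stack`. If realloc returns NULL, the original block is no longer reachable and stacksize already claims the larger capacity. The lines after the NULL test are not shown; if that path does not terminate, keep the old pointer in a temporary and bump stacksize only on success. The change from `>` to `>=` itself looks right for a stack indexed from 0 with stacksize slots, but the write that uses stackp is outside the hunk, so the patch header should name it for reviewers.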
diff -Nru bibtool-2.57+ds/debian/patches/series bibtool-2.57+ds/debian/patches/series
--- bibtool-2.57+ds/debian/patches/series 2014-10-22 01:46:28.000000000 +0200
+++ bibtool-2.57+ds/debian/patches/series 2015-03-04 13:13:27.000000000 +0100
@@ -1,3 +1,4 @@
+security_fix-heap_buffer_overflow.patch
cleanup-upstream.patch
rationalization-upstream-doc.patch
secure-upstream-doc.patch
-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---