Shame /o\

On 04/02/2019 22:26, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Mon, 2019-01-28 at 14:35 +0100, kaliko wrote:
>> On 27/01/2019 09:14, Salvatore Bonaccorso wrote:
>>> On Thu, Jan 17, 2019 at 01:44:14PM +0100, kaliko wrote:
> [...]
>>>> Update fixing CVE-2018-9240 / #894724
>>> […]
>>> Please use for consistency (although that would be possible if
>>> 0.25-0.2 was never used) rather 0.25-0.1+deb9u1 for the version.
>>
>> I updated the patch according to your review (find attached).
>
> The diff you provided is reversed. Please feel free to upload the
> correctly-applied version.

Sorry for that, here is the correct patch.

Thanks
k

diff -Nru ncmpc-0.25/debian/changelog ncmpc-0.25/debian/changelog
--- ncmpc-0.25/debian/changelog 2016-10-28 07:05:23.000000000 +0200
+++ ncmpc-0.25/debian/changelog 2019-01-16 12:51:14.000000000 +0100
@@ -1,3 +1,10 @@
+ncmpc (0.25-0.1+deb9u1) stretch; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix CVE-2018-9240 (Closes: #894724)
+
+ -- Geoffroy Youri Berret <efrim@azylum.org> Wed, 16 Jan 2019 12:51:14 +0100
+
ncmpc (0.25-0.1) unstable; urgency=medium
* Non-maintainer upload.
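Review bot: The new changelog entry's "Fix CVE-2018-9240 (Closes: #894724)" line does not say what was changed or which patch carries it. Naming the added file and the nature of the fix, for example "Add fix-CVE-2018-9240.patch: NULL dereference on long messages", would let someone reading only the changelog see that this is a NULL-pointer crash fix and find the patch in debian/patches without opening the bug.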
diff -Nru ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch
--- ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch 1970-01-01 01:00:00.000000000 +0100
+++ ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch 2019-01-16 12:51:14.000000000 +0100
@@ -0,0 +1,19 @@
+Description: Fix NULL dereference on long messages
+Author: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
+Origin: https://bugs.debian.org/894724
+Applied-Upstream: v0.30
+Last-Update: 2019-01-16
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/src/mpdclient.h
++++ b/src/mpdclient.h
+@@ -76,6 +76,9 @@
+ static inline bool
+ mpdclient_finish_command(struct mpdclient *c)
+ {
++ if (!c->connection)
++ return false;
++
+ return mpd_response_finish(c->connection)
+ ? true : mpdclient_handle_error(c);
+ }
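Review bot: The new guard in mpdclient_finish_command() returns false directly when c->connection is NULL, while the existing failure path two lines below goes through mpdclient_handle_error(c). A short comment above the check, saying that the connection can already be gone at this point and that bypassing the error handler is intentional, would make that asymmetry clear to the next reader. In the DEP-3 header, "Origin:" points at the Debian bug rather than at the patch itself; since "Applied-Upstream: v0.30" says the fix is upstream, consider "Origin: upstream, <commit URL>" and moving the bugs.debian.org link to a "Bug-Debian:" field.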
diff -Nru ncmpc-0.25/debian/patches/series ncmpc-0.25/debian/patches/series
--- ncmpc-0.25/debian/patches/series 2016-10-28 07:05:23.000000000 +0200
+++ ncmpc-0.25/debian/patches/series 2019-01-16 12:51:14.000000000 +0100
@@ -1 +1,2 @@
lirc.patch
+fix-CVE-2018-9240.patch