Bug#922385: stretch-pu: package gsoap/2.8.35-4+deb9u2

To: Mattias Ellert <mattias.ellert@physics.uu.se>, 922385@bugs.debian.org
Subject: Bug#922385: stretch-pu: package gsoap/2.8.35-4+deb9u2
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Fri, 15 Feb 2019 13:06:12 +0000
Message-id: <[🔎] 1cb7bc5a2352b1eab558927bcf8deb1e@mail.adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 922385@bugs.debian.org
In-reply-to: <[🔎] 75ff4e5b2dd759f4d29af515a233d97d48c22776.camel@physics.uu.se>
References: <[🔎] 75ff4e5b2dd759f4d29af515a233d97d48c22776.camel@physics.uu.se> <[🔎] 75ff4e5b2dd759f4d29af515a233d97d48c22776.camel@physics.uu.se>

Control: tags -1 + moreinfo

On 2019-02-15 10:12, Mattias Ellert wrote:

This is a proposal to fix CVE-2019-7659 in stretch.

The update also addresses one additional advisory published by the
upstream developers.


+-soap_encode_url(const char *s, char *t, size_t len)
++soap_encode_url(const char *s, char *t, int len)

If soap_encode_url is a public symbol, that's an ABI break - int andsize_t may well not be the same size, but they're definitely differentsignedness.


Regards,

Adam

Reply to:

Follow-Ups:
- Bug#922385: stretch-pu: package gsoap/2.8.35-4+deb9u2
  - From: Mattias Ellert <mattias.ellert@physics.uu.se>

References:
- Bug#922385: stretch-pu: package gsoap/2.8.35-4+deb9u2
  - From: Mattias Ellert <mattias.ellert@physics.uu.se>

Prev by Date: Bug#922384: marked as done (jessie-pu: package gsoap/2.8.17-1+deb8u2)
Next by Date: Processed: Re: Bug#922385: stretch-pu: package gsoap/2.8.35-4+deb9u2
Previous by thread: Bug#922385: stretch-pu: package gsoap/2.8.35-4+deb9u2
Next by thread: Bug#922385: stretch-pu: package gsoap/2.8.35-4+deb9u2
Index(es):
- Date
- Thread