--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: stretch-pu: package ncmpc/0.25-0.1
- From: kaliko <kaliko@azylum.org>
- Date: Thu, 17 Jan 2019 13:44:14 +0100
- Message-id: <154772905413.26958.13691302747648090747.reportbug@feynman.univ-lyon1.fr>
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi
Update fixing CVE-2018-9240 / #894724
Source for this patch are on salsa, branch stretch-pu:
https://salsa.debian.org/kaliko-guest/ncmpc-gbp/tree/stretch-pu
- -------------------------8<-----------------------
+--- a/src/mpdclient.h
++++ b/src/mpdclient.h
+@@ -76,6 +76,9 @@
+ static inline bool
+ mpdclient_finish_command(struct mpdclient *c)
+ {
++ if (!c->connection)
++ return false;
++
+ return mpd_response_finish(c->connection)
+ ? true : mpdclient_handle_error(c);
+ }
- ------------------------->8-----------------------
See attached debdiff.
Cheers
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCgAwFiEEE5yJWkSiFjoTmimKdwOcUqy2lK4FAlxAeJ0SHGthbGlrb0Bh
enlsdW0ub3JnAAoJEHcDnFKstpSuMYQP/ihkQJeHx8oyexwcnLyeYo1NJNPnMJTZ
6fkVMCSrlCtTw43zRDgKTbau6ODIygP8N+mD7eJzXIQmuToO5TkQNaZj1MBAxgMt
PWiNQiJ/Lh/SAmZcGuvUpPMbu/puyiZhJFbMakaZtqoVmIFCnV2zqCMZ5rxM4lRb
mRFyPnpn4bW7aXGSCM6AT1gqOkPpV/jIFvaF4c4wQXQvT67yGdC4NPP5cP8EpdgG
ZJlK89EsWEifGe9vV8qEfUHRO4KN8/FD3KFqYpsiMgQ/a/T6QMnucQqXKnv8xdpr
K9cyZiCn128Jb+a1qGBSKpdBWfw6NcBaDxIpNqb+qu6Coa3pNkrelf+T1Z+pA6lP
8zwola012bn3+HIkWP/BaSpbMO3A2SqU3bZuRZ/ooIbK+bYVQVTNnnoYm3dNjiv5
roP5PcB/TjMA6Tg4VVWyz1qjSZ189bNIkZ7S5aIsg5NGtEB4RjZN9WSYqVL31pki
UO3Ome6/YVtzxQ+msZsXmjP+4/pZZVORDEghtXOkmUhn55GgOZ5i5PVzbNZAV/AN
4EMCpUQmbQ1AWN2apflfa0TfSjTsUWXM8PRp3demxroRwjChhYhcscVK79GS5jUP
0t6wOSebgy47wSSo1ZkJtTJ1LcfexqwTONQs4o6hvHum6GIYUOpSlij7rU0MGbAw
c+DTGh+iG3Ik
=v9xZ
-----END PGP SIGNATURE-----
diff -Nru ncmpc-0.25/debian/changelog ncmpc-0.25/debian/changelog
--- ncmpc-0.25/debian/changelog 2016-10-28 07:05:23.000000000 +0200
+++ ncmpc-0.25/debian/changelog 2019-01-16 12:51:14.000000000 +0100
@@ -1,3 +1,10 @@
+ncmpc (0.25-0.2) stretch; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix CVE-2018-9240 (Closes: #894724)
+
+ -- Geoffroy Youri Berret <efrim@azylum.org> Wed, 16 Jan 2019 12:51:14 +0100
+
ncmpc (0.25-0.1) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch
--- ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch 1970-01-01 01:00:00.000000000 +0100
+++ ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch 2019-01-16 12:51:14.000000000 +0100
@@ -0,0 +1,19 @@
+Description: Fix NULL dereference on long messages
+Author: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
+Origin: https://bugs.debian.org/894724
+Applied-Upstream: v0.30
+Last-Update: 2019-01-16
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/src/mpdclient.h
++++ b/src/mpdclient.h
+@@ -76,6 +76,9 @@
+ static inline bool
+ mpdclient_finish_command(struct mpdclient *c)
+ {
++ if (!c->connection)
++ return false;
++
+ return mpd_response_finish(c->connection)
+ ? true : mpdclient_handle_error(c);
+ }
diff -Nru ncmpc-0.25/debian/patches/series ncmpc-0.25/debian/patches/series
--- ncmpc-0.25/debian/patches/series 2016-10-28 07:05:23.000000000 +0200
+++ ncmpc-0.25/debian/patches/series 2019-01-16 12:51:14.000000000 +0100
@@ -1 +1,2 @@
lirc.patch
+fix-CVE-2018-9240.patch
--- End Message ---