Bug#919576: marked as done (stretch-pu: package ncmpc/0.25-0.1)

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Subject: Bug#919576: marked as done (stretch-pu: package ncmpc/0.25-0.1)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sat, 27 Apr 2019 10:18:15 +0000
Message-id: <[🔎] handler.919576.D919576.15563600904121.ackdone@bugs.debian.org>
Reply-to: 919576@bugs.debian.org
References: <1556360072.2690.35.camel@adam-barratt.org.uk> <154772905413.26958.13691302747648090747.reportbug@feynman.univ-lyon1.fr>

Your message dated Sat, 27 Apr 2019 11:14:32 +0100
with message-id <1556360072.2690.35.camel@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.9
has caused the Debian Bug report #919576,
regarding stretch-pu: package ncmpc/0.25-0.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
919576: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919576
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: stretch-pu: package ncmpc/0.25-0.1
From: kaliko <kaliko@azylum.org>
Date: Thu, 17 Jan 2019 13:44:14 +0100
Message-id: <154772905413.26958.13691302747648090747.reportbug@feynman.univ-lyon1.fr>

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

Update fixing CVE-2018-9240 / #894724

Source for this patch are on salsa, branch stretch-pu:

    https://salsa.debian.org/kaliko-guest/ncmpc-gbp/tree/stretch-pu

- -------------------------8<-----------------------

+--- a/src/mpdclient.h
++++ b/src/mpdclient.h
+@@ -76,6 +76,9 @@
+ static inline bool
+ mpdclient_finish_command(struct mpdclient *c)
+ {
++	if (!c->connection)
++		return false;
++
+ 	return mpd_response_finish(c->connection)
+ 		? true : mpdclient_handle_error(c);
+ }

- ------------------------->8-----------------------

See attached debdiff.
Cheers

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCgAwFiEEE5yJWkSiFjoTmimKdwOcUqy2lK4FAlxAeJ0SHGthbGlrb0Bh
enlsdW0ub3JnAAoJEHcDnFKstpSuMYQP/ihkQJeHx8oyexwcnLyeYo1NJNPnMJTZ
6fkVMCSrlCtTw43zRDgKTbau6ODIygP8N+mD7eJzXIQmuToO5TkQNaZj1MBAxgMt
PWiNQiJ/Lh/SAmZcGuvUpPMbu/puyiZhJFbMakaZtqoVmIFCnV2zqCMZ5rxM4lRb
mRFyPnpn4bW7aXGSCM6AT1gqOkPpV/jIFvaF4c4wQXQvT67yGdC4NPP5cP8EpdgG
ZJlK89EsWEifGe9vV8qEfUHRO4KN8/FD3KFqYpsiMgQ/a/T6QMnucQqXKnv8xdpr
K9cyZiCn128Jb+a1qGBSKpdBWfw6NcBaDxIpNqb+qu6Coa3pNkrelf+T1Z+pA6lP
8zwola012bn3+HIkWP/BaSpbMO3A2SqU3bZuRZ/ooIbK+bYVQVTNnnoYm3dNjiv5
roP5PcB/TjMA6Tg4VVWyz1qjSZ189bNIkZ7S5aIsg5NGtEB4RjZN9WSYqVL31pki
UO3Ome6/YVtzxQ+msZsXmjP+4/pZZVORDEghtXOkmUhn55GgOZ5i5PVzbNZAV/AN
4EMCpUQmbQ1AWN2apflfa0TfSjTsUWXM8PRp3demxroRwjChhYhcscVK79GS5jUP
0t6wOSebgy47wSSo1ZkJtTJ1LcfexqwTONQs4o6hvHum6GIYUOpSlij7rU0MGbAw
c+DTGh+iG3Ik
=v9xZ
-----END PGP SIGNATURE-----

diff -Nru ncmpc-0.25/debian/changelog ncmpc-0.25/debian/changelog
--- ncmpc-0.25/debian/changelog	2016-10-28 07:05:23.000000000 +0200
+++ ncmpc-0.25/debian/changelog	2019-01-16 12:51:14.000000000 +0100
@@ -1,3 +1,10 @@
+ncmpc (0.25-0.2) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix CVE-2018-9240 (Closes: #894724)
+
+ -- Geoffroy Youri Berret <efrim@azylum.org>  Wed, 16 Jan 2019 12:51:14 +0100
+
 ncmpc (0.25-0.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch
--- ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch	1970-01-01 01:00:00.000000000 +0100
+++ ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch	2019-01-16 12:51:14.000000000 +0100
@@ -0,0 +1,19 @@
+Description: Fix NULL dereference on long messages
+Author: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
+Origin: https://bugs.debian.org/894724
+Applied-Upstream: v0.30
+Last-Update: 2019-01-16
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/src/mpdclient.h
++++ b/src/mpdclient.h
+@@ -76,6 +76,9 @@
+ static inline bool
+ mpdclient_finish_command(struct mpdclient *c)
+ {
++	if (!c->connection)
++		return false;
++
+ 	return mpd_response_finish(c->connection)
+ 		? true : mpdclient_handle_error(c);
+ }
diff -Nru ncmpc-0.25/debian/patches/series ncmpc-0.25/debian/patches/series
--- ncmpc-0.25/debian/patches/series	2016-10-28 07:05:23.000000000 +0200
+++ ncmpc-0.25/debian/patches/series	2019-01-16 12:51:14.000000000 +0100
@@ -1 +1,2 @@
 lirc.patch
+fix-CVE-2018-9240.patch

--- End Message ---

--- Begin Message ---

To: 890889-done@bugs.debian.org, 892070-done@bugs.debian.org, 910805-done@bugs.debian.org, 914187-done@bugs.debian.org, 914591-done@bugs.debian.org, 919043-done@bugs.debian.org, 919576-done@bugs.debian.org, 921748-done@bugs.debian.org, 921977-done@bugs.debian.org, 921983-done@bugs.debian.org, 922918-done@bugs.debian.org, 922987-done@bugs.debian.org, 922996-done@bugs.debian.org, 923202-done@bugs.debian.org, 923323-done@bugs.debian.org, 923342-done@bugs.debian.org, 923556-done@bugs.debian.org, 923897-done@bugs.debian.org, 924145-done@bugs.debian.org, 924150-done@bugs.debian.org, 924255-done@bugs.debian.org, 924261-done@bugs.debian.org, 924282-done@bugs.debian.org, 924377-done@bugs.debian.org, 924433-done@bugs.debian.org, 924463-done@bugs.debian.org, 924493-done@bugs.debian.org, 924642-done@bugs.debian.org, 924939-done@bugs.debian.org, 924945-done@bugs.debian.org, 925154-done@bugs.debian.org, 925161-done@bugs.debian.org, 925214-done@bugs.debian.org, 925228-done@bugs.debian.org, 925351-done@bugs.debian.org, 925401-done@bugs.debian.org, 925482-done@bugs.debian.org, 925506-done@bugs.debian.org, 925548-done@bugs.debian.org, 925569-done@bugs.debian.org, 926003-done@bugs.debian.org, 926050-done@bugs.debian.org, 926136-done@bugs.debian.org, 926190-done@bugs.debian.org, 926199-done@bugs.debian.org, 926397-done@bugs.debian.org, 926438-done@bugs.debian.org, 926506-done@bugs.debian.org, 926739-done@bugs.debian.org, 926870-done@bugs.debian.org, 926892-done@bugs.debian.org, 926894-done@bugs.debian.org, 926897-done@bugs.debian.org, 927067-done@bugs.debian.org, 927068-done@bugs.debian.org, 927072-done@bugs.debian.org, 927160-done@bugs.debian.org, 927191-done@bugs.debian.org, 927223-done@bugs.debian.org, 927378-done@bugs.debian.org, 927422-done@bugs.debian.org, 927424-done@bugs.debian.org, 922484-done@bugs.debian.org

Subject: Closing bugs for updates included in 9.9

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Date: Sat, 27 Apr 2019 11:14:32 +0100

Message-id: <1556360072.2690.35.camel@adam-barratt.org.uk>
Version: 9.9

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam
--- End Message ---

Reply to:

Prev by Date: Bug#919043: marked as done (stretch-pu: ckermit/302-5.3+deb9u1)
Next by Date: Bug#921748: marked as done (stretch-pu: package icedtea-web/1.6.2-3.1+deb9u1)
Previous by thread: Bug#919043: marked as done (stretch-pu: ckermit/302-5.3+deb9u1)
Next by thread: Bug#921748: marked as done (stretch-pu: package icedtea-web/1.6.2-3.1+deb9u1)
Index(es):
- Date
- Thread