Bug#949957: marked as done (buster-pu: package freetds/1.00.104-1+deb10u1)

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Subject: Bug#949957: marked as done (buster-pu: package freetds/1.00.104-1+deb10u1)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sat, 08 Feb 2020 14:26:34 +0000
Message-id: <[🔎] handler.949957.D949957.158117172415357.ackdone@bugs.debian.org>
Reply-to: 949957@bugs.debian.org
References: <cf1cb2f35981916a86b98b83609df15c95aa378b.camel@adam-barratt.org.uk> <158014308127.7422.9241900785221584046.reportbug@lorien.valinor.li>

Your message dated Sat, 08 Feb 2020 14:21:36 +0000
with message-id <cf1cb2f35981916a86b98b83609df15c95aa378b.camel@adam-barratt.org.uk>
and subject line Closing requests included in 10.3 point release
has caused the Debian Bug report #949957,
regarding buster-pu: package freetds/1.00.104-1+deb10u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
949957: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949957
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: buster-pu: package freetds/1.00.104-1+deb10u1
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 27 Jan 2020 17:38:01 +0100
Message-id: <158014308127.7422.9241900785221584046.reportbug@lorien.valinor.li>

Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

Hi

freetds in buster is affected by CVE-2019-13508 (cf. #944012). The
issue was fixed in unstable. This update is to address the issue as
well for buster.

Can you accept this update as well for the next buster point release?

Regards,
Salvatore

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

diff -u freetds-1.00.104/debian/changelog freetds-1.00.104/debian/changelog
--- freetds-1.00.104/debian/changelog
+++ freetds-1.00.104/debian/changelog
@@ -1,3 +1,10 @@
+freetds (1.00.104-1+deb10u1) buster; urgency=medium
+
+  * Non-maintainer upload.
+  * tds: Make sure UDT has varint set to 8 (CVE-2019-13508) (Closes: #944012)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Mon, 27 Jan 2020 17:28:42 +0100
+
 freetds (1.00.104-1) unstable; urgency=medium
 
   * New upstream release.
diff -u freetds-1.00.104/src/tds/data.c freetds-1.00.104/src/tds/data.c
--- freetds-1.00.104/src/tds/data.c
+++ freetds-1.00.104/src/tds/data.c
@@ -1418,6 +1418,7 @@
 	tds_get_string(tds, tds_get_usmallint(tds), NULL, 0);
 
 	col->column_size = 0x7ffffffflu;
+	col->column_varint_size = 8;
 
 	return TDS_SUCCESS;
 }
@@ -1425,6 +1426,7 @@
 TDS_INT
 tds_clrudt_row_len(TDSCOLUMN *col)
 {
+	col->column_varint_size = 8;
 	/* TODO save other fields */
 	return sizeof(TDSBLOB);
 }

--- End Message ---

--- Begin Message ---

To: 939036-done@bugs.debian.org, 939802-done@bugs.debian.org, 940647-done@bugs.debian.org, 941365-done@bugs.debian.org, 941713-done@bugs.debian.org, 942575-done@bugs.debian.org, 944294-done@bugs.debian.org, 944348-done@bugs.debian.org, 944856-done@bugs.debian.org, 944865-done@bugs.debian.org, 945518-done@bugs.debian.org, 945845-done@bugs.debian.org, 945896-done@bugs.debian.org, 945925-done@bugs.debian.org, 945965-done@bugs.debian.org, 946032-done@bugs.debian.org, 946033-done@bugs.debian.org, 946083-done@bugs.debian.org, 946175-done@bugs.debian.org, 946184-done@bugs.debian.org, 946402-done@bugs.debian.org, 946557-done@bugs.debian.org, 946559-done@bugs.debian.org, 946651-done@bugs.debian.org, 946705-done@bugs.debian.org, 946819-done@bugs.debian.org, 946822-done@bugs.debian.org, 946831-done@bugs.debian.org, 946841-done@bugs.debian.org, 946864-done@bugs.debian.org, 946901-done@bugs.debian.org, 946960-done@bugs.debian.org, 947038-done@bugs.debian.org, 947125-done@bugs.debian.org, 947201-done@bugs.debian.org, 947254-done@bugs.debian.org, 947321-done@bugs.debian.org, 947331-done@bugs.debian.org, 947832-done@bugs.debian.org, 948104-done@bugs.debian.org, 948203-done@bugs.debian.org, 948205-done@bugs.debian.org, 948290-done@bugs.debian.org, 948363-done@bugs.debian.org, 948390-done@bugs.debian.org, 948400-done@bugs.debian.org, 948464-done@bugs.debian.org, 948472-done@bugs.debian.org, 948485-done@bugs.debian.org, 948544-done@bugs.debian.org, 948545-done@bugs.debian.org, 948550-done@bugs.debian.org, 948601-done@bugs.debian.org, 948609-done@bugs.debian.org, 948695-done@bugs.debian.org, 948796-done@bugs.debian.org, 948826-done@bugs.debian.org, 948850-done@bugs.debian.org, 948854-done@bugs.debian.org, 948857-done@bugs.debian.org, 948899-done@bugs.debian.org, 948904-done@bugs.debian.org, 948910-done@bugs.debian.org, 948979-done@bugs.debian.org, 948988-done@bugs.debian.org, 948991-done@bugs.debian.org, 949120-done@bugs.debian.org, 949121-done@bugs.debian.org, 949310-done@bugs.debian.org, 949541-done@bugs.debian.org, 949704-done@bugs.debian.org, 949728-done@bugs.debian.org, 949842-done@bugs.debian.org, 949852-done@bugs.debian.org, 949895-done@bugs.debian.org, 949898-done@bugs.debian.org, 949899-done@bugs.debian.org, 949904-done@bugs.debian.org, 949906-done@bugs.debian.org, 949908-done@bugs.debian.org, 949957-done@bugs.debian.org, 950018-done@bugs.debian.org, 950139-done@bugs.debian.org, 950166-done@bugs.debian.org, 950257-done@bugs.debian.org, 950272-done@bugs.debian.org, 950280-done@bugs.debian.org, 950369-done@bugs.debian.org, 950466-done@bugs.debian.org

Subject: Closing requests included in 10.3 point release

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Date: Sat, 08 Feb 2020 14:21:36 +0000

Message-id: <cf1cb2f35981916a86b98b83609df15c95aa378b.camel@adam-barratt.org.uk>
Package: release.debian.org
Version: 10.3

Hi,

Each of the uploads referred to by these bugs was included in today's
stable point release.

Regards,

Adam
--- End Message ---

Reply to:

Prev by Date: Bug#949908: marked as done (buster-pu: package libparse-win32registry-perl/1.0-2+deb10u1)
Next by Date: Bug#950018: marked as done (buster-pu: package php-horde-text-filter/2.3.5-3)
Previous by thread: Bug#949908: marked as done (buster-pu: package libparse-win32registry-perl/1.0-2+deb10u1)
Next by thread: Bug#950018: marked as done (buster-pu: package php-horde-text-filter/2.3.5-3)
Index(es):
- Date
- Thread