Package: release.debian.org Severity: normal Tags: bullseye User: release.debian.org@packages.debian.org Usertags: pu X-Debbugs-Cc: sramacher@debian.org, dazzdb@packages.debian.org [ Reason ] glibc 2.32 uncovered a use-after-free issue in dazzdb (#993770). While dazzdb technically does not crash on bullseye, a fix for the issue helps us in avoiding a Breaks in glibc for bullseye -> bookworm upgrades. [ Tests ] The code is covered by autopkgtests [ Risks ] It's the exact same patch as in unstable. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable Cheers -- Sebastian Ramacher
diff -Nru dazzdb-1.0+git20201103.8d98c37/debian/changelog dazzdb-1.0+git20201103.8d98c37/debian/changelog --- dazzdb-1.0+git20201103.8d98c37/debian/changelog 2021-01-19 10:02:03.000000000 +0100 +++ dazzdb-1.0+git20201103.8d98c37/debian/changelog 2021-09-17 20:48:03.000000000 +0200 @@ -1,3 +1,10 @@ +dazzdb (1.0+git20201103.8d98c37-1+deb11u1) bullseye; urgency=medium + + [ Aurelien Jarno ] + * Fix a use-after-free in DBstats (Closes: #993770) + + -- Sebastian Ramacher <sramacher@debian.org> Fri, 17 Sep 2021 20:48:03 +0200 + dazzdb (1.0+git20201103.8d98c37-1) unstable; urgency=medium * New upstream version diff -Nru dazzdb-1.0+git20201103.8d98c37/debian/patches/series dazzdb-1.0+git20201103.8d98c37/debian/patches/series --- dazzdb-1.0+git20201103.8d98c37/debian/patches/series 2021-01-19 10:02:03.000000000 +0100 +++ dazzdb-1.0+git20201103.8d98c37/debian/patches/series 2021-09-14 20:49:54.000000000 +0200 @@ -2,3 +2,4 @@ compiler-flags.patch destdir.patch cross.patch +use-after-free.patch diff -Nru dazzdb-1.0+git20201103.8d98c37/debian/patches/use-after-free.patch dazzdb-1.0+git20201103.8d98c37/debian/patches/use-after-free.patch --- dazzdb-1.0+git20201103.8d98c37/debian/patches/use-after-free.patch 1970-01-01 01:00:00.000000000 +0100 +++ dazzdb-1.0+git20201103.8d98c37/debian/patches/use-after-free.patch 2021-09-14 20:49:57.000000000 +0200 @@ -0,0 +1,16 @@ +Description: fix a use-after-free causing a segmentation fault with glibc 2.32 +Author: Aurelien Jarno <aurel32@debian.org> +Forwarded: https://github.com/thegenemyers/DAZZ_DB/issues/41 +Last-Update: 2021-09-14 + +--- dazzdb-1.0+git20201103.8d98c37.orig/DBstats.c ++++ dazzdb-1.0+git20201103.8d98c37/DBstats.c +@@ -346,8 +346,6 @@ int main(int argc, char *argv[]) + } + } + printf("\n"); +- +- Close_Track(db,track); + } + } +
Attachment:
signature.asc
Description: PGP signature