Re: fixing CVE-2010-0395 for testing
[ -release readers: the original, including the diff, can be found at
http://lists.debian.org/debian-security/2010/06/msg00001.html ]
On Sun, 2010-06-06 at 12:48 +0000, Rene Engelhard wrote:
> I could have uploaded 1:3.2.1-11 to sid just it won't go into testing
> due to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584545 and even
> if that would be fixed we'd wait behind gcc-defaults which waits for
> gcc-4.4 which waits for eglibc. And OOo 3.2.1 also has important fixes,
> so I decided to upload that to sid directly.
[...]
> openoffice.org (1:3.2.0-11) unstable; urgency=high
>
> * debian/patches/extensions-mozilla-plugin-pc-if-libxul.diff: remove
> again ..
> * debian/patches/fix-bashisms-in-configure.diff: in favour of the
> correct fix (== vs. = breaking with dash)
> * debian/patches/avoid-execution-of-python-macros-when-browsing.diff:
> avoid execution of python code when browsing macros (CVE-2010-0395)
>
> * debian/rules:
> - fix variable to not add kfreebsd-i386 to OOO_MONO_ARCHS twice but
> to actually add it to OOO_MOZILLA_ARCHS
>
> -- Rene Engelhard <rene@debian.org> Mon, 31 May 2010 22:50:07 +0200
>
> (I of course will fix the .changes to contain testing or testing-security)
Overall, I don't see a problem with fixing this via t-p-u, if that's the
route you'd prefer to take. Looking through the diff, I did spot a
couple of things that weren't directly mentioned in the changelog - one
of the packages has had a duplicated architecture name removed from its
arch list and the build-dependencies have been modified which clutters
the diff a little; after some reformatting, it appears that the latter
change is basically:
-xulrunner-dev [i386 mips mipsel powerpc s390 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc]
-libnss3-dev (>= 3.12.3) [i386 mips mipsel powerpc s390 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc]
+xulrunner-dev [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc]
+libnss3-dev (>= 3.12.3) [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc]
dmake (>= 1:4.11)
-mono-devel (>= 2.4.2.3) [i386 kfreebsd-i386 amd64 kfreebsd-amd64 ia64 kfreebsd-i386]
-libmono-dev (>= 2.4.2.3) [i386 kfreebsd-i386 amd64 kfreebsd-amd64 ia64 kfreebsd-i386]
-mono-utils (>= 2.4.2.3) [i386 kfreebsd-i386 amd64 kfreebsd-amd64 ia64 kfreebsd-i386]
-cli-common-dev (>= 0.5.7) [i386 kfreebsd-i386 amd64 kfreebsd-amd64 ia64 kfreebsd-i386]
+mono-devel (>= 2.4.2.3) [i386 kfreebsd-i386 amd64 kfreebsd-amd64 ia64]
+libmono-dev (>= 2.4.2.3) [i386 kfreebsd-i386 amd64 kfreebsd-amd64 ia64]
+mono-utils (>= 2.4.2.3) [i386 kfreebsd-i386 amd64 kfreebsd-amd64 ia64]
+cli-common-dev (>= 0.5.7) [i386 kfreebsd-i386 amd64 kfreebsd-amd64 ia64]
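Review bot: the two + lines for xulrunner-dev and libnss3-dev add kfreebsd-i386 to their arch lists, which changes what a kfreebsd-i386 build pulls in and is a functional change separate from the CVE-2010-0395 fix. The changelog mentions it only indirectly, through the debian/rules entry. For an upload going through t-p-u, the changelog should state explicitly that the build-dependency arch lists change as a result. That covers both this addition and the removal of the duplicated kfreebsd-i386 from the mono-devel, libmono-dev, mono-utils and cli-common-dev lines.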
I'm assuming that's related to:
> * debian/rules:
> - fix variable to not add kfreebsd-i386 to OOO_MONO_ARCHS twice but
> to actually add it to OOO_MOZILLA_ARCHS
?
Regards,
Adam