[SCM] BOINC packaging branch, wheezy, updated. debian/7.0.27+dfsg-5-21-g8ddb22e

Guo Yixuan culu.gyx at gmail.com
Thu Jun 27 02:20:10 UTC 2013


The following commit has been merged in the wheezy branch:
commit 67d778a4f14e8b02ddf67f89a9a7b68f4d111302
Author: Guo Yixuan <culu.gyx at gmail.com>
Date:   Thu Jun 27 10:00:17 2013 +0800

    the first patch for CVE-2013-2018
    
    from boinc-v2 3ced18ddaaea5e03d2cc70f8cce5ab214b4d5635

diff --git a/debian/patches/CVE-2013-2018-1-SQL-injections.patch b/debian/patches/CVE-2013-2018-1-SQL-injections.patch
new file mode 100644
index 0000000..3ebb088
--- /dev/null
+++ b/debian/patches/CVE-2013-2018-1-SQL-injections.patch
@@ -0,0 +1,48 @@
+From 3ced18ddaaea5e03d2cc70f8cce5ab214b4d5635 Mon Sep 17 00:00:00 2001
+From: David Anderson <davea at ssl.berkeley.edu>
+Date: Mon, 11 Mar 2013 00:02:16 -0700
+Subject: [PATCH] - client: don't show cache size in startup messages.
+
+---
+ db/boinc_db.cpp         | 4 ++++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/db/boinc_db.cpp b/db/boinc_db.cpp
+index 48aecfa..116c78e 100644
+--- a/db/boinc_db.cpp
++++ b/db/boinc_db.cpp
+@@ -1035,6 +1035,7 @@ void DB_RESULT::db_parse(MYSQL_ROW &r) {
+ 
+ void DB_MSG_FROM_HOST::db_print(char* buf) {
+     ESCAPE(xml);
++    ESCAPE(variety);
+     sprintf(buf,
+         "create_time=%d, "
+         "hostid=%d, variety='%s', "
+@@ -1046,6 +1047,7 @@ void DB_MSG_FROM_HOST::db_print(char* buf) {
+ 
+     );
+     UNESCAPE(xml);
++    UNESCAPE(variety);
+ }
+ 
+ void DB_MSG_FROM_HOST::db_parse(MYSQL_ROW& r) {
+@@ -1061,6 +1063,7 @@ void DB_MSG_FROM_HOST::db_parse(MYSQL_ROW& r) {
+ 
+ void DB_MSG_TO_HOST::db_print(char* buf) {
+     ESCAPE(xml);
++    ESCAPE(variety);
+     sprintf(buf,
+         "create_time=%d, "
+         "hostid=%d, variety='%s', "
+@@ -1070,6 +1073,7 @@ void DB_MSG_TO_HOST::db_print(char* buf) {
+         handled, xml
+     );
+     UNESCAPE(xml);
++    UNESCAPE(variety);
+ }
+ 
+ void DB_MSG_TO_HOST::db_parse(MYSQL_ROW& r) {
+-- 
+1.8.3.1
+
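Review bot: the embedded patch header does not match its body. The Subject line reads "client: don't show cache size in startup messages" and the diffstat claims "2 files changed, 6 insertions(+)", yet only db/boinc_db.cpp is listed and only four lines are added. Because the upstream commit was evidently trimmed, add a DEP-3 style header (Description, Origin naming upstream commit 3ced18ddaaea5e03d2cc70f8cce5ab214b4d5635, and the CVE number). It should state that only the ESCAPE(variety)/UNESCAPE(variety) additions in DB_MSG_FROM_HOST::db_print and DB_MSG_TO_HOST::db_print were taken. Correct or drop the stale diffstat as well. In those same functions, the ESCAPE/UNESCAPE pairing suggests variety is rewritten in place ahead of an unbounded sprintf(buf, ...), so please confirm that the escaped form still fits both the variety field and buf.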
diff --git a/debian/patches/series b/debian/patches/series
index 4cd1c5d..9da85d5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -61,3 +61,4 @@ workaround-objcxx.patch
 CVE-2013-2298-Scheduler-fix-security-vulnerabilities.patch
 link_with_gold.patch
 wrapper.patch
+CVE-2013-2018-1-SQL-injections.patch
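Review bot: the new series entry is appended after wrapper.patch, but nothing in this commit records the fix in debian/changelog. If that is not handled in a follow-up commit, add an entry naming CVE-2013-2018 so the security fix is traceable from the package history. The "-1-" in the file name and "the first patch" in the commit message imply further parts, so the entry should say that this patch alone only covers the variety field in the two db_print functions.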

-- 
BOINC packaging


