r19096 - in /desktop/unstable/libsoup/debian: changelog control control.in patches/91_security_CVE-2009-0585.patch
slomo at users.alioth.debian.org
Tue Mar 17 12:11:39 UTC 2009
Author: slomo
Date: Tue Mar 17 12:11:39 2009
New Revision: 19096
URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=19096
Log:
* SECURITY: debian/patches/91_security_CVE-2009-0585.patch:
+ Possible arbitrary code execution when processing large Base64 strings.
Patch from the Ubuntu package, fixes CVE-2009-0585 (Closes: #520039).
* debian/control:
+ Update Standards-Version to 3.8.0, no additional changes needed.
Added:
desktop/unstable/libsoup/debian/patches/91_security_CVE-2009-0585.patch
Modified:
desktop/unstable/libsoup/debian/changelog
desktop/unstable/libsoup/debian/control
desktop/unstable/libsoup/debian/control.in
Modified: desktop/unstable/libsoup/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/libsoup/debian/changelog?rev=19096&op=diff
==============================================================================
--- desktop/unstable/libsoup/debian/changelog (original)
+++ desktop/unstable/libsoup/debian/changelog Tue Mar 17 12:11:39 2009
@@ -1,8 +1,16 @@
-libsoup (2.2.105-5) UNRELEASED; urgency=low
-
+libsoup (2.2.105-5) unstable; urgency=high
+
+ [ Emilio Pozuelo Monfort ]
* debian/libsoup2.2-doc.doc-base: fix section.
- -- Emilio Pozuelo Monfort <pochu at ubuntu.com> Thu, 25 Sep 2008 00:05:25 +0200
+ [ Sebastian Dröge ]
+ * SECURITY: debian/patches/91_security_CVE-2009-0585.patch:
+ + Possible arbitrary code execution when processing large Base64 strings.
+ Patch from the Ubuntu package, fixes CVE-2009-0585 (Closes: #520039).
+ * debian/control:
+ + Update Standards-Version to 3.8.0, no additional changes needed.
+
+ -- Sebastian Dröge <slomo at debian.org> Tue, 17 Mar 2009 13:11:08 +0100
libsoup (2.2.105-4) unstable; urgency=low
Modified: desktop/unstable/libsoup/debian/control
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/libsoup/debian/control?rev=19096&op=diff
==============================================================================
--- desktop/unstable/libsoup/debian/control (original)
+++ desktop/unstable/libsoup/debian/control Tue Mar 17 12:11:39 2009
@@ -2,7 +2,7 @@
Section: devel
Priority: optional
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers at lists.alioth.debian.org>
-Uploaders: Josselin Mouette <joss at debian.org>, Loic Minier <lool at dooz.org>, Sebastian Dröge <slomo at debian.org>
+Uploaders: Loic Minier <lool at dooz.org>, Sebastian Dröge <slomo at debian.org>
Build-Depends: debhelper (>= 5),
libglib2.0-dev (>= 2.12.0),
libgnutls-dev (>= 1.4.0),
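Review bot: The Uploaders line in this hunk drops Josselin Mouette, but the changelog entry for debian/control records only the Standards-Version bump, and the control.in diff in this revision has no matching Uploaders change. If the field is regenerated from control.in at build time, that explains the difference; otherwise add a changelog line for the removal so the uploader change is not buried inside a security upload.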
@@ -12,7 +12,7 @@
gnome-pkg-tools,
dpkg-dev (>= 1.13.19)
Build-Conflicts: libgnutls11-dev
-Standards-Version: 3.7.3
+Standards-Version: 3.8.0
Package: libsoup2.2-dev
Section: devel
Modified: desktop/unstable/libsoup/debian/control.in
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/libsoup/debian/control.in?rev=19096&op=diff
==============================================================================
--- desktop/unstable/libsoup/debian/control.in (original)
+++ desktop/unstable/libsoup/debian/control.in Tue Mar 17 12:11:39 2009
@@ -12,7 +12,7 @@
gnome-pkg-tools,
dpkg-dev (>= 1.13.19)
Build-Conflicts: libgnutls11-dev
-Standards-Version: 3.7.3
+Standards-Version: 3.8.0
Package: libsoup2.2-dev
Section: devel
Added: desktop/unstable/libsoup/debian/patches/91_security_CVE-2009-0585.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/libsoup/debian/patches/91_security_CVE-2009-0585.patch?rev=19096&op=file
==============================================================================
--- desktop/unstable/libsoup/debian/patches/91_security_CVE-2009-0585.patch (added)
+++ desktop/unstable/libsoup/debian/patches/91_security_CVE-2009-0585.patch Tue Mar 17 12:11:39 2009
@@ -1,0 +1,20 @@
+#
+# Description: fix possible arbitrary code execution when processing large Base64 strings
+# Patch: http://ocert.org/patches/2008-015/libsoup-CVE-2009-0585.diff
+#
+diff -Nur -x '*.orig' -x '*~' libsoup-2.2.100/libsoup/soup-misc.c libsoup-2.2.100.new/libsoup/soup-misc.c
+--- libsoup-2.2.100/libsoup/soup-misc.c 2007-01-02 13:25:11.000000000 -0500
++++ libsoup-2.2.100.new/libsoup/soup-misc.c 2009-03-12 23:39:29.000000000 -0400
+@@ -219,7 +219,11 @@
+ unsigned char *out;
+ int state = 0, outlen, save = 0;
+
+- out = g_malloc (len * 4 / 3 + 5);
++ if (len < 0)
++ g_error("%s: invalid Base64 encoding input length specified: %d",
++ G_STRLOC, len);
++
++ out = g_malloc ((len / 3 + 1) * 4 + 1);
+ outlen = soup_base64_encode_close ((const guchar *)text,
+ len,
+ FALSE,
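Review bot: The new size expression on the g_malloc line, `(len / 3 + 1) * 4 + 1`, is still evaluated in signed arithmetic (len is formatted with %d, so it is presumably an int), which means that with a 32-bit int it wraps once len / 3 + 1 reaches 2^29, i.e. for len around 1.6 billion. The change raises the overflow threshold compared with the old `len * 4 / 3 + 5`, which wrapped at roughly INT_MAX / 4, but does not remove it. Suggest doing the size computation in gsize (cast len before the multiplication) or rejecting len above an explicit upper bound next to the `len < 0` check. Separately, g_error() aborts the process, so a negative length becomes a crash of whatever application links the library; returning early with g_return_val_if_fail (len >= 0, NULL) would fail the call without taking the process down, provided callers handle a NULL result.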