r19097 - in /desktop/unstable/libsoup/debian: changelog control control.in patches/91_security_CVE-2009-0585.patch

slomo at users.alioth.debian.org slomo at users.alioth.debian.org
Tue Mar 17 12:18:28 UTC 2009 

Author: slomo
Date: Tue Mar 17 12:18:27 2009
New Revision: 19097

URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=19097
Log:
* revert last commit, this was already fixed in this version.

Modified:
    desktop/unstable/libsoup/debian/changelog
    desktop/unstable/libsoup/debian/control
    desktop/unstable/libsoup/debian/control.in
    desktop/unstable/libsoup/debian/patches/91_security_CVE-2009-0585.patch

Modified: desktop/unstable/libsoup/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/libsoup/debian/changelog?rev=19097&op=diff
==============================================================================
--- desktop/unstable/libsoup/debian/changelog (original)
+++ desktop/unstable/libsoup/debian/changelog Tue Mar 17 12:18:27 2009
@@ -1,16 +1,8 @@
-libsoup (2.2.105-5) unstable; urgency=high
-
-  [ Emilio Pozuelo Monfort ]
+libsoup (2.2.105-5) UNRELEASED; urgency=low
+
   * debian/libsoup2.2-doc.doc-base: fix section.
 
-  [ Sebastian Dröge ]
-  * SECURITY: debian/patches/91_security_CVE-2009-0585.patch:
-    + Possible arbitrary code execution when processing large Base64 strings.
-      Patch from the Ubuntu package, fixes CVE-2009-0585 (Closes: #520039).
-  * debian/control:
-    + Update Standards-Version to 3.8.0, no additional changes needed.
-
- -- Sebastian Dröge <slomo at debian.org>  Tue, 17 Mar 2009 13:11:08 +0100
+ -- Emilio Pozuelo Monfort <pochu at ubuntu.com>  Thu, 25 Sep 2008 00:05:25 +0200
 
 libsoup (2.2.105-4) unstable; urgency=low
 

Modified: desktop/unstable/libsoup/debian/control
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/libsoup/debian/control?rev=19097&op=diff
==============================================================================
--- desktop/unstable/libsoup/debian/control (original)
+++ desktop/unstable/libsoup/debian/control Tue Mar 17 12:18:27 2009
@@ -2,7 +2,7 @@
 Section: devel
 Priority: optional
 Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers at lists.alioth.debian.org>
-Uploaders: Loic Minier <lool at dooz.org>, Sebastian Dröge <slomo at debian.org>
+Uploaders: Josselin Mouette <joss at debian.org>, Loic Minier <lool at dooz.org>, Sebastian Dröge <slomo at debian.org>
 Build-Depends: debhelper (>= 5),
                libglib2.0-dev (>= 2.12.0),
                libgnutls-dev (>= 1.4.0),
@@ -12,7 +12,7 @@
                gnome-pkg-tools,
                dpkg-dev (>= 1.13.19)
 Build-Conflicts: libgnutls11-dev
-Standards-Version: 3.8.0
+Standards-Version: 3.7.3
 
 Package: libsoup2.2-dev
 Section: devel

Modified: desktop/unstable/libsoup/debian/control.in
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/libsoup/debian/control.in?rev=19097&op=diff
==============================================================================
--- desktop/unstable/libsoup/debian/control.in (original)
+++ desktop/unstable/libsoup/debian/control.in Tue Mar 17 12:18:27 2009
@@ -12,7 +12,7 @@
                gnome-pkg-tools,
                dpkg-dev (>= 1.13.19)
 Build-Conflicts: libgnutls11-dev
-Standards-Version: 3.8.0
+Standards-Version: 3.7.3
 
 Package: libsoup2.2-dev
 Section: devel

Modified: desktop/unstable/libsoup/debian/patches/91_security_CVE-2009-0585.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/libsoup/debian/patches/91_security_CVE-2009-0585.patch?rev=19097&op=diff
==============================================================================
--- desktop/unstable/libsoup/debian/patches/91_security_CVE-2009-0585.patch (original)
+++ desktop/unstable/libsoup/debian/patches/91_security_CVE-2009-0585.patch Tue Mar 17 12:18:27 2009
@@ -1,20 +1,0 @@
-#
-# Description: fix possible arbitrary code execution when processing large Base64 strings
-# Patch: http://ocert.org/patches/2008-015/libsoup-CVE-2009-0585.diff
-#
-diff -Nur -x '*.orig' -x '*~' libsoup-2.2.100/libsoup/soup-misc.c libsoup-2.2.100.new/libsoup/soup-misc.c
---- libsoup-2.2.100/libsoup/soup-misc.c	2007-01-02 13:25:11.000000000 -0500
-+++ libsoup-2.2.100.new/libsoup/soup-misc.c	2009-03-12 23:39:29.000000000 -0400
-@@ -219,7 +219,11 @@
-         unsigned char *out;
-         int state = 0, outlen,  save = 0;
-         
--        out = g_malloc (len * 4 / 3 + 5);
-+        if (len < 0)
-+            g_error("%s: invalid Base64 encoding input length specified: %d",
-+                G_STRLOC, len);
-+
-+        out = g_malloc ((len / 3 + 1) * 4 + 1);
-         outlen = soup_base64_encode_close ((const guchar *)text,
- 					   len, 
- 					   FALSE,

More information about the pkg-gnome-commits mailing list