[SCM] Konversation packaging for Debian branch, master, updated. debian/1.5-2-10-g2efa544
Diane Trout
diane at moszumanska.debian.org
Mon Aug 31 06:14:15 UTC 2015
Gitweb-URL: http://git.debian.org/?p=pkg-kde/kde-extras/konversation.git;a=commitdiff;h=f1cfbdd
The following commit has been merged in the master branch:
commit f1cfbdd704fd6d30b17be98d72abb163f5d1e686
Author: Diane Trout <diane at ghic.org>
Date: Thu Aug 27 22:31:19 2015 -0700
Remove cve-2014-8483.patch, applied upstream.
---
debian/changelog | 1 +
debian/patches/cve-2014-8483.patch | 49 --------------------------------------
debian/patches/series | 1 -
3 files changed, 1 insertion(+), 50 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index cf5a67a..3349738 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ konversation (1.5-3) UNRELEASED; urgency=medium
* Update watch file.
* Update Diane Trout's email address
+ * Remove cve-2014-8483.patch, applied upstream.
-- Diane Trout <diane at debian.org> Thu, 27 Aug 2015 22:17:59 -0700
diff --git a/debian/patches/cve-2014-8483.patch b/debian/patches/cve-2014-8483.patch
deleted file mode 100644
index 5cc9f00..0000000
--- a/debian/patches/cve-2014-8483.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-Origin: http://quickgit.kde.org/?p=konversation.git&a=commit&h=1f55cee8b3d0956adc98834f7b5832e48e077ed7
-Bug: https://bugs.kde.org/show_bug.cgi?id=210792
-Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768191
-Description: Do a bounds check on ECB blocks.
- Backport fix for CVE-2014-8483
- https://security-tracker.debian.org/tracker/CVE-2014-8483
- .
- Blindly assuming they're the expected 12 chars can lead to a crash
- on malformed input.
- .
- Original patch by Manuel Nickschas for Quassel, who incorporated
- the original Konversation code into Quassel in 2009.
-
---- a/src/cipher.cpp
-+++ b/src/cipher.cpp
-@@ -353,8 +353,12 @@
- }
- else
- {
-+ // ECB Blowfish encodes in blocks of 12 chars, so anything else is malformed input
-+ if ((temp.length() % 12) != 0)
-+ return cipherText;
-+
- temp = b64ToByte(temp);
-- while((temp.length() % 8) != 0) temp.append('
--
Konversation packaging for Debian
More information about the pkg-kde-commits
mailing list