[SCM] vlc/squeeze: Make patches DEP-3 compliant.
bdrung at users.alioth.debian.org
bdrung at users.alioth.debian.org
Mon Jan 24 21:30:59 UTC 2011
The following commit has been merged in the squeeze branch:
commit e043a1b7cb81fab4ed22a304c5e2583ab8933aed
Author: Benjamin Drung <bdrung at ubuntu.com>
Date: Mon Jan 24 22:13:49 2011 +0100
Make patches DEP-3 compliant.
diff --git a/debian/patches/cdg-heap-overflow.diff b/debian/patches/cdg-heap-overflow.diff
index 307ebb0..d04e283 100644
--- a/debian/patches/cdg-heap-overflow.diff
+++ b/debian/patches/cdg-heap-overflow.diff
@@ -1,20 +1,16 @@
Author: Dan Rosenberg <drosenberg at vsecurity.com>
Subject: Fix heap overflows in CDG decoder
-
- This patch resolves two heap corruption vulnerabilities in the CDG
- decoder for VLC media player. In both cases, a failure to properly
- validate indexes into statically-sized arrays on the heap could allow a
- maliciously crafted CDG video to corrupt the heap in a controlled
- manner, potentially leading to code execution.
-
- The patch is against v1.1.5 from vlc git, but this decoder hasn't been
- touched in awhile, so I'd expect it to cleanly apply to older versions.
- I've tested it and confirmed it resolves the heap corruption issues and
- does not break functionality.
-
+ This patch resolves two heap corruption vulnerabilities in the CDG
+ decoder for VLC media player. In both cases, a failure to properly
+ validate indexes into statically-sized arrays on the heap could allow a
+ maliciously crafted CDG video to corrupt the heap in a controlled
+ manner, potentially leading to code execution.
+ .
+ The patch is against v1.1.5 from vlc git, but this decoder hasn't been
+ touched in awhile, so I'd expect it to cleanly apply to older versions.
+ I've tested it and confirmed it resolves the heap corruption issues and
+ does not break functionality.
Origin: upstream, http://git.videolan.org/gitweb.cgi?p=vlc/vlc-1.1.git;a=commit;h=d11fca8bf9dc058bcdf67d81c04f84f8905ad8b4
-Date: Fri Jan 7 11:06:08 2011 -0500
-
diff --git a/modules/codec/cdg.c b/modules/codec/cdg.c
index 31ecd0e..fe7b62d 100644
diff --git a/debian/patches/xml-heap-corruption.diff b/debian/patches/xml-heap-corruption.diff
index 08a70db..3858320 100644
--- a/debian/patches/xml-heap-corruption.diff
+++ b/debian/patches/xml-heap-corruption.diff
@@ -1,5 +1,4 @@
Author: Harry Sintonen <sintonen at iki.fi>
-Date: Mon Jan 17 00:47:58 2011 +0200
Subject: Handle early termination properly in StripTags
Origin: upstream, http://git.videolan.org/gitweb.cgi?p=vlc/vlc-1.1.git;a=commit;h=dc14617f39c03bbe80c3cc4f92799dca840966eb
--
VLC media player packaging
More information about the pkg-multimedia-commits
mailing list