r43060 - in /branches/lenny/libcompress-raw-zlib-perl/debian: changelog patches/CVE-2009-1391 patches/series

ntyni at users.alioth.debian.org
Thu Aug 27 19:14:32 UTC 2009


Author: ntyni
Date: Thu Aug 27 19:14:27 2009
New Revision: 43060

URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=43060
Log:
import debdiff fixing CVE-2009-1391 for stable

Added:
    branches/lenny/libcompress-raw-zlib-perl/debian/patches/CVE-2009-1391
Modified:
    branches/lenny/libcompress-raw-zlib-perl/debian/changelog
    branches/lenny/libcompress-raw-zlib-perl/debian/patches/series

Modified: branches/lenny/libcompress-raw-zlib-perl/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-perl/branches/lenny/libcompress-raw-zlib-perl/debian/changelog?rev=43060&op=diff
==============================================================================
--- branches/lenny/libcompress-raw-zlib-perl/debian/changelog (original)
+++ branches/lenny/libcompress-raw-zlib-perl/debian/changelog Thu Aug 27 19:14:27 2009
@@ -1,3 +1,10 @@
+libcompress-raw-zlib-perl (2.012-1lenny1) stable; urgency=high
+
+  * [SECURITY] CVE-2009-1391: Fix a buffer overflow in inflate().
+    (Closes: #532738)
+
+ -- Niko Tyni <ntyni at debian.org>  Sat, 13 Jun 2009 22:19:41 +0300
+
 libcompress-raw-zlib-perl (2.012-1) unstable; urgency=low
 
   * New upstream release
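
Review bot: The new 2.012-1lenny1 entry describes the fix only as "a buffer overflow in inflate()" and does not record where the fix came from. The patch header added in this same revision says it is cherry-picked from upstream version 2.017, and repeating that in the changelog bullet would let someone reading only the changelog trace the change. The trailer date (Sat, 13 Jun 2009) is also more than two months older than this commit (Thu Aug 27 2009); if the debdiff is meant to be imported byte-for-byte that can stay, otherwise refresh the timestamp before the upload.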

Added: branches/lenny/libcompress-raw-zlib-perl/debian/patches/CVE-2009-1391
URL: http://svn.debian.org/wsvn/pkg-perl/branches/lenny/libcompress-raw-zlib-perl/debian/patches/CVE-2009-1391?rev=43060&op=file
==============================================================================
--- branches/lenny/libcompress-raw-zlib-perl/debian/patches/CVE-2009-1391 (added)
+++ branches/lenny/libcompress-raw-zlib-perl/debian/patches/CVE-2009-1391 Thu Aug 27 19:14:27 2009
@@ -1,0 +1,18 @@
+[SECURITY] CVE-2009-1391: Fix a buffer overflow in inflate().
+
+Closes: #532738
+
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1391
+
+Fix cherry-picked from upstream version 2.017.
+--- libcompress-raw-zlib-perl-2.012.orig/Zlib.xs
++++ libcompress-raw-zlib-perl-2.012/Zlib.xs
+@@ -1319,7 +1319,7 @@
+     while (RETVAL == Z_OK) {
+         if (s->stream.avail_out == 0 ) {
+ 	    /* out of space in the output buffer so make it bigger */
+-            Sv_Grow(output, SvLEN(output) + bufinc) ;
++            Sv_Grow(output, SvLEN(output) + bufinc +1) ;
+             cur_length += increment ;
+             s->stream.next_out = (Bytef*) SvPVbyte_nolen(output) + cur_length ;
+             increment = bufinc ;
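
Review bot: The `+1` added to the Sv_Grow() call in the `avail_out == 0` branch is an unexplained magic number: neither the code comment ("out of space in the output buffer so make it bigger") nor the patch header says which write needs the extra byte. Please add a short comment at the call, or a sentence in the header, naming what the byte is reserved for, so the slack is not removed in a later cleanup. Only the regrow path inside the loop is touched here; the initial sizing of output before the loop is outside the hunk, so it is worth checking against upstream 2.017 that no other allocation of this buffer needs the same adjustment.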

Modified: branches/lenny/libcompress-raw-zlib-perl/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-perl/branches/lenny/libcompress-raw-zlib-perl/debian/patches/series?rev=43060&op=diff
==============================================================================
--- branches/lenny/libcompress-raw-zlib-perl/debian/patches/series (original)
+++ branches/lenny/libcompress-raw-zlib-perl/debian/patches/series Thu Aug 27 19:14:27 2009
@@ -1,1 +1,2 @@
+CVE-2009-1391
 use-debian-zlib.patch
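
Review bot: CVE-2009-1391 is inserted as the first entry in series, ahead of use-debian-zlib.patch, so it is applied before the existing patch rather than after it. If that ordering is intentional, a line in the commit log saying so would help; in either case, confirm that use-debian-zlib.patch still applies without fuzz or offsets on top of it.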



