r38073 - in /branches/libcompress-raw-zlib-perl/CVE-2009-1391/debian: changelog control patches/CVE-2009-1391 patches/series

ntyni at users.alioth.debian.org
Sat Jun 13 18:49:09 UTC 2009


Author: ntyni
Date: Sat Jun 13 18:49:02 2009
New Revision: 38073

URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=38073
Log:
* [SECURITY] CVE-2009-1391: Fix a buffer overflow in inflate().
  (Closes: #532738)
* Add myself to Uploaders.

Added:
    branches/libcompress-raw-zlib-perl/CVE-2009-1391/debian/patches/CVE-2009-1391
Modified:
    branches/libcompress-raw-zlib-perl/CVE-2009-1391/debian/changelog
    branches/libcompress-raw-zlib-perl/CVE-2009-1391/debian/control
    branches/libcompress-raw-zlib-perl/CVE-2009-1391/debian/patches/series

Modified: branches/libcompress-raw-zlib-perl/CVE-2009-1391/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-perl/branches/libcompress-raw-zlib-perl/CVE-2009-1391/debian/changelog?rev=38073&op=diff
==============================================================================
--- branches/libcompress-raw-zlib-perl/CVE-2009-1391/debian/changelog (original)
+++ branches/libcompress-raw-zlib-perl/CVE-2009-1391/debian/changelog Sat Jun 13 18:49:02 2009
@@ -1,3 +1,11 @@
+libcompress-raw-zlib-perl (2.015-2) UNRELEASED; urgency=low
+
+  * [SECURITY] CVE-2009-1391: Fix a buffer overflow in inflate().
+    (Closes: #532738)
+  * Add myself to Uploaders.
+
+ -- Niko Tyni <ntyni at debian.org>  Sat, 13 Jun 2009 21:45:22 +0300
+
 libcompress-raw-zlib-perl (2.015-1) unstable; urgency=low
 
   * (NOT RELEASED YET) New upstream release
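
Review bot: The new 2.015-2 entry is marked `urgency=low` although its first item is tagged [SECURITY] and closes #532738. If this upload is meant to carry the CVE-2009-1391 fix to users, consider raising the urgency before changing UNRELEASED to a real distribution, or say in the entry why low is intended.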

Modified: branches/libcompress-raw-zlib-perl/CVE-2009-1391/debian/control
URL: http://svn.debian.org/wsvn/pkg-perl/branches/libcompress-raw-zlib-perl/CVE-2009-1391/debian/control?rev=38073&op=diff
==============================================================================
--- branches/libcompress-raw-zlib-perl/CVE-2009-1391/debian/control (original)
+++ branches/libcompress-raw-zlib-perl/CVE-2009-1391/debian/control Sat Jun 13 18:49:02 2009
@@ -5,7 +5,7 @@
  libtest-pod-perl, zlib1g-dev, quilt (>= 0.40)
 Uploaders: Krzysztof Krzyzaniak (eloy) <eloy at debian.org>,
  Damyan Ivanov <dmn at debian.org>, gregor herrmann <gregoa at debian.org>,
- Gunnar Wolf <gwolf at debian.org>
+ Gunnar Wolf <gwolf at debian.org>, Niko Tyni <ntyni at debian.org>
 Maintainer: Debian Perl Group <pkg-perl-maintainers at lists.alioth.debian.org>
 Standards-Version: 3.8.0
 Homepage: http://search.cpan.org/dist/Compress-Raw-Zlib/

Added: branches/libcompress-raw-zlib-perl/CVE-2009-1391/debian/patches/CVE-2009-1391
URL: http://svn.debian.org/wsvn/pkg-perl/branches/libcompress-raw-zlib-perl/CVE-2009-1391/debian/patches/CVE-2009-1391?rev=38073&op=file
==============================================================================
--- branches/libcompress-raw-zlib-perl/CVE-2009-1391/debian/patches/CVE-2009-1391 (added)
+++ branches/libcompress-raw-zlib-perl/CVE-2009-1391/debian/patches/CVE-2009-1391 Sat Jun 13 18:49:02 2009
@@ -1,0 +1,18 @@
+[SECURITY] CVE-2009-1391: Fix a buffer overflow in inflate().
+
+Closes: #532738
+
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1391
+
+Fix cherry-picked from upstream version 2.017.
+--- libcompress-raw-zlib-perl.orig/Zlib.xs
++++ libcompress-raw-zlib-perl/Zlib.xs
+@@ -1322,7 +1322,7 @@
+     while (RETVAL == Z_OK) {
+         if (s->stream.avail_out == 0 ) {
+ 	    /* out of space in the output buffer so make it bigger */
+-            Sv_Grow(output, SvLEN(output) + bufinc) ;
++            Sv_Grow(output, SvLEN(output) + bufinc +1) ;
+             cur_length += increment ;
+             s->stream.next_out = (Bytef*) SvPVbyte_nolen(output) + cur_length ;
+             increment = bufinc ;
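
Review bot: The added `+1` in `Sv_Grow(output, SvLEN(output) + bufinc +1)` is not explained anywhere in this patch. The code comment above it still only says "make it bigger", and the patch header says "buffer overflow in inflate()" without saying which write goes past the end of the buffer. Please extend the comment (or at least the patch header) to state what the extra byte is reserved for, so the off-by-one is not reintroduced the next time this line is touched. The header would also be easier to audit if it named the specific upstream change rather than only "upstream version 2.017", and a note on whether a regression test exists for the overflowing input would help.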

Modified: branches/libcompress-raw-zlib-perl/CVE-2009-1391/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-perl/branches/libcompress-raw-zlib-perl/CVE-2009-1391/debian/patches/series?rev=38073&op=diff
==============================================================================
--- branches/libcompress-raw-zlib-perl/CVE-2009-1391/debian/patches/series (original)
+++ branches/libcompress-raw-zlib-perl/CVE-2009-1391/debian/patches/series Sat Jun 13 18:49:02 2009
@@ -1,1 +1,2 @@
+CVE-2009-1391
 use-debian-zlib.patch
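
Review bot: The new series entry `CVE-2009-1391` has no `.patch` suffix while the existing entry is `use-debian-zlib.patch`; consider naming it `CVE-2009-1391.patch` for consistency. It is also placed first, so it applies before `use-debian-zlib.patch`; if that ordering is deliberate (for example to keep the security fix independent of the Debian-specific change), a short note in the patch header would make it clear.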



