r38087 - in /trunk/libcompress-raw-zlib-perl/debian: changelog control patches/CVE-2009-1391 patches/series

ntyni at users.alioth.debian.org
Sun Jun 14 05:56:26 UTC 2009


Author: ntyni
Date: Sun Jun 14 05:55:54 2009
New Revision: 38087

URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=38087
Log:
merge 2.015-2 from branches/libcompress-raw-zlib-perl/CVE-2009-1391

Added:
    trunk/libcompress-raw-zlib-perl/debian/patches/CVE-2009-1391
Modified:
    trunk/libcompress-raw-zlib-perl/debian/changelog
    trunk/libcompress-raw-zlib-perl/debian/control
    trunk/libcompress-raw-zlib-perl/debian/patches/series

Modified: trunk/libcompress-raw-zlib-perl/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libcompress-raw-zlib-perl/debian/changelog?rev=38087&op=diff
==============================================================================
--- trunk/libcompress-raw-zlib-perl/debian/changelog (original)
+++ trunk/libcompress-raw-zlib-perl/debian/changelog Sun Jun 14 05:55:54 2009
@@ -1,7 +1,6 @@
 libcompress-raw-zlib-perl (2.020-1) UNRELEASED; urgency=low
 
   TODO:
-  merge 2.015-2 from branches/libcompress-raw-zlib-perl/CVE-2009-1391
   wait for 2.015-2 to hit testing
 
   WARNING:
@@ -33,9 +32,17 @@
 
  -- Nathan Handler <nhandler at ubuntu.com>  Thu, 04 Jun 2009 11:44:45 +0000
 
+libcompress-raw-zlib-perl (2.015-2) unstable; urgency=high
+
+  * [SECURITY] CVE-2009-1391: Fix a buffer overflow in inflate().
+    (Closes: #532738)
+  * Add myself to Uploaders.
+
+ -- Niko Tyni <ntyni at debian.org>  Sat, 13 Jun 2009 21:49:34 +0300
+
 libcompress-raw-zlib-perl (2.015-1) unstable; urgency=low
 
-  * (NOT RELEASED YET) New upstream release
+  * New upstream release
   * Added myself as an uploader
 
  -- Gunnar Wolf <gwolf at debian.org>  Thu, 11 Sep 2008 23:31:35 -0500
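
Review bot: The new 2.015-2 entry does not say where the fix comes from. The patch header added in this revision records "Fix cherry-picked from upstream version 2.017"; repeating that in the `[SECURITY] CVE-2009-1391` bullet would let someone reading only the changelog see which upstream releases already contain the fix.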

Modified: trunk/libcompress-raw-zlib-perl/debian/control
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libcompress-raw-zlib-perl/debian/control?rev=38087&op=diff
==============================================================================
--- trunk/libcompress-raw-zlib-perl/debian/control (original)
+++ trunk/libcompress-raw-zlib-perl/debian/control Sun Jun 14 05:55:54 2009
@@ -5,7 +5,8 @@
  libtest-pod-perl, zlib1g-dev, quilt (>= 0.40)
 Uploaders: Krzysztof Krzyzaniak (eloy) <eloy at debian.org>,
  Damyan Ivanov <dmn at debian.org>, gregor herrmann <gregoa at debian.org>,
- Gunnar Wolf <gwolf at debian.org>, Nathan Handler <nhandler at ubuntu.com>
+ Gunnar Wolf <gwolf at debian.org>, Nathan Handler <nhandler at ubuntu.com>,
+ Niko Tyni <ntyni at debian.org>
 Maintainer: Debian Perl Group <pkg-perl-maintainers at lists.alioth.debian.org>
 Standards-Version: 3.8.1
 Homepage: http://search.cpan.org/dist/Compress-Raw-Zlib/

Added: trunk/libcompress-raw-zlib-perl/debian/patches/CVE-2009-1391
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libcompress-raw-zlib-perl/debian/patches/CVE-2009-1391?rev=38087&op=file
==============================================================================
--- trunk/libcompress-raw-zlib-perl/debian/patches/CVE-2009-1391 (added)
+++ trunk/libcompress-raw-zlib-perl/debian/patches/CVE-2009-1391 Sun Jun 14 05:55:54 2009
@@ -1,0 +1,18 @@
+[SECURITY] CVE-2009-1391: Fix a buffer overflow in inflate().
+
+Closes: #532738
+
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1391
+
+Fix cherry-picked from upstream version 2.017.
+--- libcompress-raw-zlib-perl.orig/Zlib.xs
++++ libcompress-raw-zlib-perl/Zlib.xs
+@@ -1322,7 +1322,7 @@
+     while (RETVAL == Z_OK) {
+         if (s->stream.avail_out == 0 ) {
+ 	    /* out of space in the output buffer so make it bigger */
+-            Sv_Grow(output, SvLEN(output) + bufinc) ;
++            Sv_Grow(output, SvLEN(output) + bufinc +1) ;
+             cur_length += increment ;
+             s->stream.next_out = (Bytef*) SvPVbyte_nolen(output) + cur_length ;
+             increment = bufinc ;
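
Review bot: The `+1` in `Sv_Grow(output, SvLEN(output) + bufinc +1)` is unexplained, both in the code and in the patch header. The comment above the call still only says "out of space in the output buffer so make it bigger", and the header says only "Fix a buffer overflow in inflate()". Please state what the extra byte is reserved for and which condition overran the buffer, so the off-by-one is not reintroduced by a later cleanup. The hunk touches one call site, so it is also worth noting in the header whether any other `Sv_Grow` call in Zlib.xs uses the same size computation.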

Modified: trunk/libcompress-raw-zlib-perl/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libcompress-raw-zlib-perl/debian/patches/series?rev=38087&op=diff
==============================================================================
--- trunk/libcompress-raw-zlib-perl/debian/patches/series (original)
+++ trunk/libcompress-raw-zlib-perl/debian/patches/series Sun Jun 14 05:55:54 2009
@@ -1,1 +1,2 @@
+CVE-2009-1391
 use-debian-zlib.patch
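
Review bot: The new `CVE-2009-1391` line in series needs checking against the version in trunk. The patch header says the fix is cherry-picked from upstream version 2.017, while the top changelog entry in trunk is 2.020-1 UNRELEASED, so the upstream source here should already carry the change and the patch would then be redundant or fail to apply. If that is the case, drop the line from series before 2.020-1 is built and keep the patch only on the 2.015-2 branch.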



