r38087 - in /trunk/libcompress-raw-zlib-perl/debian: changelog control patches/CVE-2009-1391 patches/series
ntyni at users.alioth.debian.org
Sun Jun 14 05:56:26 UTC 2009
Author: ntyni
Date: Sun Jun 14 05:55:54 2009
New Revision: 38087
URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=38087
Log:
merge 2.015-2 from branches/libcompress-raw-zlib-perl/CVE-2009-1391
Added:
trunk/libcompress-raw-zlib-perl/debian/patches/CVE-2009-1391
Modified:
trunk/libcompress-raw-zlib-perl/debian/changelog
trunk/libcompress-raw-zlib-perl/debian/control
trunk/libcompress-raw-zlib-perl/debian/patches/series
Modified: trunk/libcompress-raw-zlib-perl/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libcompress-raw-zlib-perl/debian/changelog?rev=38087&op=diff
==============================================================================
--- trunk/libcompress-raw-zlib-perl/debian/changelog (original)
+++ trunk/libcompress-raw-zlib-perl/debian/changelog Sun Jun 14 05:55:54 2009
@@ -1,7 +1,6 @@
libcompress-raw-zlib-perl (2.020-1) UNRELEASED; urgency=low
TODO:
- merge 2.015-2 from branches/libcompress-raw-zlib-perl/CVE-2009-1391
wait for 2.015-2 to hit testing
WARNING:
@@ -33,9 +32,17 @@
-- Nathan Handler <nhandler at ubuntu.com> Thu, 04 Jun 2009 11:44:45 +0000
+libcompress-raw-zlib-perl (2.015-2) unstable; urgency=high
+
+ * [SECURITY] CVE-2009-1391: Fix a buffer overflow in inflate().
+ (Closes: #532738)
+ * Add myself to Uploaders.
+
+ -- Niko Tyni <ntyni at debian.org> Sat, 13 Jun 2009 21:49:34 +0300
+
libcompress-raw-zlib-perl (2.015-1) unstable; urgency=low
- * (NOT RELEASED YET) New upstream release
+ * New upstream release
* Added myself as an uploader
-- Gunnar Wolf <gwolf at debian.org> Thu, 11 Sep 2008 23:31:35 -0500
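Review bot: The new 2.015-2 entry records the security fix only as "Fix a buffer overflow in inflate()" and does not say which file in debian/patches carries it or that it is a backport. Suggest naming debian/patches/CVE-2009-1391 in the entry and noting that the fix is cherry-picked from upstream 2.017, as the patch header does, so that anyone auditing the urgency=high upload can go from the changelog line straight to the one-line change.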
Modified: trunk/libcompress-raw-zlib-perl/debian/control
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libcompress-raw-zlib-perl/debian/control?rev=38087&op=diff
==============================================================================
--- trunk/libcompress-raw-zlib-perl/debian/control (original)
+++ trunk/libcompress-raw-zlib-perl/debian/control Sun Jun 14 05:55:54 2009
@@ -5,7 +5,8 @@
libtest-pod-perl, zlib1g-dev, quilt (>= 0.40)
Uploaders: Krzysztof Krzyzaniak (eloy) <eloy at debian.org>,
Damyan Ivanov <dmn at debian.org>, gregor herrmann <gregoa at debian.org>,
- Gunnar Wolf <gwolf at debian.org>, Nathan Handler <nhandler at ubuntu.com>
+ Gunnar Wolf <gwolf at debian.org>, Nathan Handler <nhandler at ubuntu.com>,
+ Niko Tyni <ntyni at debian.org>
Maintainer: Debian Perl Group <pkg-perl-maintainers at lists.alioth.debian.org>
Standards-Version: 3.8.1
Homepage: http://search.cpan.org/dist/Compress-Raw-Zlib/
Added: trunk/libcompress-raw-zlib-perl/debian/patches/CVE-2009-1391
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libcompress-raw-zlib-perl/debian/patches/CVE-2009-1391?rev=38087&op=file
==============================================================================
--- trunk/libcompress-raw-zlib-perl/debian/patches/CVE-2009-1391 (added)
+++ trunk/libcompress-raw-zlib-perl/debian/patches/CVE-2009-1391 Sun Jun 14 05:55:54 2009
@@ -1,0 +1,18 @@
+[SECURITY] CVE-2009-1391: Fix a buffer overflow in inflate().
+
+Closes: #532738
+
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1391
+
+Fix cherry-picked from upstream version 2.017.
+--- libcompress-raw-zlib-perl.orig/Zlib.xs
++++ libcompress-raw-zlib-perl/Zlib.xs
+@@ -1322,7 +1322,7 @@
+ while (RETVAL == Z_OK) {
+ if (s->stream.avail_out == 0 ) {
+ /* out of space in the output buffer so make it bigger */
+- Sv_Grow(output, SvLEN(output) + bufinc) ;
++ Sv_Grow(output, SvLEN(output) + bufinc +1) ;
+ cur_length += increment ;
+ s->stream.next_out = (Bytef*) SvPVbyte_nolen(output) + cur_length ;
+ increment = bufinc ;
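Review bot: The replacement Sv_Grow call adds "+1" with no explanation, and the comment above it still reads only "out of space in the output buffer so make it bigger". That single byte is the entire security fix, so add a comment on that line stating what the extra byte is reserved for, and describe the root cause in the patch header, which currently gives only the CVE id, the bug number and the upstream version. Only the growth path inside the while (RETVAL == Z_OK) loop is touched here, so it is worth confirming that every other place that sizes output for inflate() leaves the same one-byte margin.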
Modified: trunk/libcompress-raw-zlib-perl/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-perl/trunk/libcompress-raw-zlib-perl/debian/patches/series?rev=38087&op=diff
==============================================================================
--- trunk/libcompress-raw-zlib-perl/debian/patches/series (original)
+++ trunk/libcompress-raw-zlib-perl/debian/patches/series Sun Jun 14 05:55:54 2009
@@ -1,1 +1,2 @@
+CVE-2009-1391
use-debian-zlib.patch
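Review bot: The new series entry "CVE-2009-1391" has no .patch suffix, while the existing entry "use-debian-zlib.patch" does; pick one naming convention for the directory. The entry is also placed ahead of use-debian-zlib.patch, so it is applied first; if that ordering is intentional, a short comment in series would record why.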