[DRE-commits] r2094 - in packages/ruby-gnome2/trunk/debian: . patches
acornet at alioth.debian.org
Sat Dec 1 13:08:56 UTC 2007
Author: acornet
Date: 2007-12-01 13:08:56 +0000 (Sat, 01 Dec 2007)
New Revision: 2094
Added:
packages/ruby-gnome2/trunk/debian/patches/CVE-2007-6183.patch
Modified:
packages/ruby-gnome2/trunk/debian/changelog
packages/ruby-gnome2/trunk/debian/patches/series
Log:
Security fix for CVE-2007-6183.
Modified: packages/ruby-gnome2/trunk/debian/changelog
===================================================================
--- packages/ruby-gnome2/trunk/debian/changelog 2007-12-01 11:56:37 UTC (rev 2093)
+++ packages/ruby-gnome2/trunk/debian/changelog 2007-12-01 13:08:56 UTC (rev 2094)
@@ -1,7 +1,9 @@
-ruby-gnome2 (0.16.0-10) UNRELEASED; urgency=low
+ruby-gnome2 (0.16.0-10) unstable; urgency=high
- * NOT RELEASED YET
* Use new Homepage dpkg-tag.
+ * Included CVE-2007-6183.patch to fix format string vulnerability
+ in rbgtkmessagedialog.c which might lead to arbitrary code
+ execution (Closes: #453689). Thanks to Nico Golde for the fix.
-- Arnaud Cornet <acornet at debian.org> Fri, 30 Nov 2007 08:57:32 +0100
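Review bot: The trailer line is left untouched as context, so the entry still carries the timestamp Fri, 30 Nov 2007 08:57:32 +0100 even though this revision, dated 2007-12-01, flips the distribution from UNRELEASED to unstable and raises urgency to high. Refresh the trailer date when finalizing the entry so it reflects the actual release of the security fix. The new bullet is otherwise good: it names the CVE, the affected file and the bug it closes.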
Added: packages/ruby-gnome2/trunk/debian/patches/CVE-2007-6183.patch
===================================================================
--- packages/ruby-gnome2/trunk/debian/patches/CVE-2007-6183.patch (rev 0)
+++ packages/ruby-gnome2/trunk/debian/patches/CVE-2007-6183.patch 2007-12-01 13:08:56 UTC (rev 2094)
@@ -0,0 +1,12 @@
+--- ruby-gnome2/gtk/src/rbgtkmessagedialog.c 2006/10/21 16:58:00 2275
++++ ruby-gnome2/gtk/src/rbgtkmessagedialog.c 2007/11/27 11:40:12 2720
+@@ -28,7 +28,8 @@
+ RVAL2GFLAGS(flags, GTK_TYPE_DIALOG_FLAGS),
+ RVAL2GENUM(type, GTK_TYPE_MESSAGE_TYPE),
+ RVAL2GENUM(buttons, GTK_TYPE_BUTTONS_TYPE),
+- (const gchar*)(NIL_P(message) ? "": RVAL2CSTR(message)));
++ "%s",
++ NIL_P(message) ? "": RVAL2CSTR(message));
+ RBGTK_INITIALIZE(self, w);
+ return Qnil;
+ }
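Review bot: The new patch file starts directly at its `--- ruby-gnome2/gtk/src/rbgtkmessagedialog.c` line with no description header. Add a few comment lines above it saying that the message is now passed as the argument to a constant "%s" format rather than as the format string itself, and citing CVE-2007-6183, Debian bug #453689 and the upstream revisions 2275 and 2720 visible in the file headers, so the origin is clear when the patch is later refreshed or dropped. The change itself looks correct: the `NIL_P(message) ? "" : ...` fallback is preserved, and dropping the `(const gchar*)` cast is harmless for a `%s` argument.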
Modified: packages/ruby-gnome2/trunk/debian/patches/series
===================================================================
--- packages/ruby-gnome2/trunk/debian/patches/series 2007-12-01 11:56:37 UTC (rev 2093)
+++ packages/ruby-gnome2/trunk/debian/patches/series 2007-12-01 13:08:56 UTC (rev 2094)
@@ -8,3 +8,4 @@
glib2.14.patch
window-warning.patch
poppler-0.6.patch
+CVE-2007-6183.patch