[DRE-commits] r2094 - in packages/ruby-gnome2/trunk/debian: . patches

acornet at alioth.debian.org
Sat Dec 1 13:08:56 UTC 2007


Author: acornet
Date: 2007-12-01 13:08:56 +0000 (Sat, 01 Dec 2007)
New Revision: 2094

Added:
   packages/ruby-gnome2/trunk/debian/patches/CVE-2007-6183.patch
Modified:
   packages/ruby-gnome2/trunk/debian/changelog
   packages/ruby-gnome2/trunk/debian/patches/series
Log:
Security fix for CVE-2007-6183.

Modified: packages/ruby-gnome2/trunk/debian/changelog
===================================================================
--- packages/ruby-gnome2/trunk/debian/changelog	2007-12-01 11:56:37 UTC (rev 2093)
+++ packages/ruby-gnome2/trunk/debian/changelog	2007-12-01 13:08:56 UTC (rev 2094)
@@ -1,7 +1,9 @@
-ruby-gnome2 (0.16.0-10) UNRELEASED; urgency=low
+ruby-gnome2 (0.16.0-10) unstable; urgency=high
 
-  * NOT RELEASED YET
   * Use new Homepage dpkg-tag.
+  * Included CVE-2007-6183.patch to fix format string vulnerability
+    in rbgtkmessagedialog.c which might lead to arbitrary code
+    execution (Closes: #453689). Thanks to Nico Golde for the fix.
 
  -- Arnaud Cornet <acornet at debian.org>  Fri, 30 Nov 2007 08:57:32 +0100
 
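Review bot: The trailer line is left at "Fri, 30 Nov 2007 08:57:32 +0100" even though the entry is switched from UNRELEASED to unstable in a revision dated 2007-12-01; refresh the timestamp when finalising the entry so the changelog date matches the release. The new bullet is otherwise complete: it names the affected file, the impact and the bug it closes, and urgency=high matches a fix described as possible arbitrary code execution.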

Added: packages/ruby-gnome2/trunk/debian/patches/CVE-2007-6183.patch
===================================================================
--- packages/ruby-gnome2/trunk/debian/patches/CVE-2007-6183.patch	                        (rev 0)
+++ packages/ruby-gnome2/trunk/debian/patches/CVE-2007-6183.patch	2007-12-01 13:08:56 UTC (rev 2094)
@@ -0,0 +1,12 @@
+--- ruby-gnome2/gtk/src/rbgtkmessagedialog.c	2006/10/21 16:58:00	2275
++++ ruby-gnome2/gtk/src/rbgtkmessagedialog.c	2007/11/27 11:40:12	2720
+@@ -28,7 +28,8 @@
+                                RVAL2GFLAGS(flags, GTK_TYPE_DIALOG_FLAGS), 
+                                RVAL2GENUM(type, GTK_TYPE_MESSAGE_TYPE), 
+                                RVAL2GENUM(buttons, GTK_TYPE_BUTTONS_TYPE),
+-                               (const gchar*)(NIL_P(message) ? "": RVAL2CSTR(message)));
++                               "%s",
++                               NIL_P(message) ? "": RVAL2CSTR(message));
+     RBGTK_INITIALIZE(self, w);
+     return Qnil;
+ }
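Review bot: The new patch file starts directly at its "---" line with no description, so the only provenance it carries is the revision pair 2275 and 2720 in the file headers; add a short header naming CVE-2007-6183, Debian bug #453689 and where the fix came from, so the patch can be identified and dropped once it is no longer needed. The code change itself is the right shape: the Ruby-supplied message used to sit in the format-string position of the call, and with the literal "%s" placed ahead of it any conversion specifiers in the message are printed as text instead of being interpreted. Dropping the (const gchar*) cast is fine here since the value is now an ordinary variadic argument consumed by "%s".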

Modified: packages/ruby-gnome2/trunk/debian/patches/series
===================================================================
--- packages/ruby-gnome2/trunk/debian/patches/series	2007-12-01 11:56:37 UTC (rev 2093)
+++ packages/ruby-gnome2/trunk/debian/patches/series	2007-12-01 13:08:56 UTC (rev 2094)
@@ -8,3 +8,4 @@
 glib2.14.patch
 window-warning.patch
 poppler-0.6.patch
+CVE-2007-6183.patch



