[Pkg-voip-commits] r5444 - in /pwlib-titan: tags/1.11.2-1.1/ tags/1.11.2-1.1/debian/changelog tags/1.11.2-1.1/debian/patches/00list tags/1.11.2-1.1/debian/patches/CVE-2007-4897.dpatch trunk/debian/changelog

paravoid at alioth.debian.org
Wed Apr 2 05:24:30 UTC 2008


Author: paravoid
Date: Wed Apr  2 05:24:29 2008
New Revision: 5444

URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=5444
Log:
Import Nico Golde's NMU of pwlib-titan and adapt our changelog to mention it

Added:
    pwlib-titan/tags/1.11.2-1.1/
      - copied from r5436, pwlib-titan/tags/1.11.2-1/
    pwlib-titan/tags/1.11.2-1.1/debian/patches/CVE-2007-4897.dpatch
Modified:
    pwlib-titan/tags/1.11.2-1.1/debian/changelog
    pwlib-titan/tags/1.11.2-1.1/debian/patches/00list
    pwlib-titan/trunk/debian/changelog

Modified: pwlib-titan/tags/1.11.2-1.1/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/pwlib-titan/tags/1.11.2-1.1/debian/changelog?rev=5444&op=diff
==============================================================================
--- pwlib-titan/tags/1.11.2-1.1/debian/changelog (original)
+++ pwlib-titan/tags/1.11.2-1.1/debian/changelog Wed Apr  2 05:24:29 2008
@@ -1,3 +1,12 @@
+pwlib-titan (1.11.2-1.1) unstable; urgency=high
+
+  * Non-maintainer upload by testing-security team.
+  * Fix remote denial of service vulnerability caused
+    by a call to PString::vsprintf if the used object already
+    contained more than 1000 characters (CVE-2007-4897; bug #454139).
+
+ -- Nico Golde <nion at debian.org>  Mon, 03 Dec 2007 13:20:05 +0100
+
 pwlib-titan (1.11.2-1) unstable; urgency=low
 
   * New upstream release (unstable branch).

Modified: pwlib-titan/tags/1.11.2-1.1/debian/patches/00list
URL: http://svn.debian.org/wsvn/pkg-voip/pwlib-titan/tags/1.11.2-1.1/debian/patches/00list?rev=5444&op=diff
==============================================================================
--- pwlib-titan/tags/1.11.2-1.1/debian/patches/00list (original)
+++ pwlib-titan/tags/1.11.2-1.1/debian/patches/00list Wed Apr  2 05:24:29 2008
@@ -2,3 +2,4 @@
 04_names
 05_hppa
 06_plugins_shared
+CVE-2007-4897

Added: pwlib-titan/tags/1.11.2-1.1/debian/patches/CVE-2007-4897.dpatch
URL: http://svn.debian.org/wsvn/pkg-voip/pwlib-titan/tags/1.11.2-1.1/debian/patches/CVE-2007-4897.dpatch?rev=5444&op=file
==============================================================================
--- pwlib-titan/tags/1.11.2-1.1/debian/patches/CVE-2007-4897.dpatch (added)
+++ pwlib-titan/tags/1.11.2-1.1/debian/patches/CVE-2007-4897.dpatch Wed Apr  2 05:24:29 2008
@@ -1,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## CVE-2007-4897.dpatch by Nico Golde <nion at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+ at DPATCH@
+diff -urNad pwlib-1.10.10~/src/ptlib/common/contain.cxx pwlib-1.10.10/src/ptlib/common/contain.cxx
+--- pwlib-1.10.10~/src/ptlib/common/contain.cxx	2005-11-30 13:47:41.000000000 +0100
++++ pwlib-1.10.10/src/ptlib/common/contain.cxx	2007-12-03 13:45:00.000000000 +0100
+@@ -2465,7 +2465,7 @@
+   PAssert(SetSize(2000), POutOfMemory);
+   ::vsprintf(theArray+len, fmt, arg);
+ #else
+-  PINDEX size = 0;
++  PINDEX size = len;
+   do {
+     size += 1000;
+     PAssert(SetSize(size), POutOfMemory);
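
Review bot: The branch above `#else` is left unchanged: `PAssert(SetSize(2000), POutOfMemory);` followed by `::vsprintf(theArray+len, fmt, arg);` still allocates a fixed 2000 bytes and writes at offset `len` with no bound, so the case this patch fixes in the `#else` branch (an object that already holds a long string) is not addressed for builds that compile the first branch. Consider sizing that allocation relative to `len` as well, or confirming that this branch is never compiled on Debian's targets. Separately, `## DP: No description.` should be replaced with a one-line description naming CVE-2007-4897 and the `size = len` change, and since the diff header refers to pwlib-1.10.10 while the package is 1.11.2, the description should say which tree the patch was prepared against.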

Modified: pwlib-titan/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/pwlib-titan/trunk/debian/changelog?rev=5444&op=diff
==============================================================================
--- pwlib-titan/trunk/debian/changelog (original)
+++ pwlib-titan/trunk/debian/changelog Wed Apr  2 05:24:29 2008
@@ -1,11 +1,8 @@
-pwlib-titan (1.11.2-2) UNRELEASED; urgency=low
+pwlib-titan (1.11.2-2) unstable; urgency=low
 
   [ Kilian Krause ]
   * Fix debian/watch to use sf.net instead of voxgratia.org (Closes: #453595)
   * Remove symlinks of unused compatibility versions.
-  * Fix remote denial of service vulnerability caused
-    by a call to PString::vsprintf if the used object already
-    contained more than 1000 characters (CVE-2007-4897; Closes: #454139).
   * Remove entire -ptrace and -debug build and leave only opt build with
     PTRACE code as new binary library. Discussion with Robert Jongbloed
     proved that there's no point shipping any other configuration.
@@ -13,6 +10,7 @@
     plugins dir anymore.
 
   [ Faidon Liambotis ]
+  * Incorporate NMU by Nico Golde, thanks! (Closes: #454139)
   * Fix bug where shlibs were very strict on binNMUed versions.
   * Bump Standards-Version to 3.7.3, no changes needed.
   * Remove doxygen from Build-Depends-Indep since it's present in
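
Review bot: The `Closes: #454139` on the new "Incorporate NMU by Nico Golde" line depends on trunk actually carrying the fix, but this revision touches only trunk/debian/changelog; CVE-2007-4897.dpatch and its 00list entry are added under tags/1.11.2-1.1 only. The first hunk also removes the Kilian Krause entry for the same fix, so please confirm that trunk's debian/patches still contains an equivalent change before 1.11.2-2 is uploaded, and consider keeping the CVE id on the new line so the 1.11.2-2 entry stays searchable.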
@@ -25,6 +23,15 @@
   * Fix syntax error in the ptlib-config.1 manpage.
 
  -- Faidon Liambotis <paravoid at debian.org>  Wed, 02 Apr 2008 07:14:27 +0300
+
+pwlib-titan (1.11.2-1.1) unstable; urgency=high
+
+  * Non-maintainer upload by testing-security team.
+  * Fix remote denial of service vulnerability caused
+    by a call to PString::vsprintf if the used object already
+    contained more than 1000 characters (CVE-2007-4897; bug #454139).
+
+ -- Nico Golde <nion at debian.org>  Mon, 03 Dec 2007 13:20:05 +0100
 
 pwlib-titan (1.11.2-1) unstable; urgency=low
 



