[Pkg-voip-commits] r5444 - in /pwlib-titan: tags/1.11.2-1.1/ tags/1.11.2-1.1/debian/changelog tags/1.11.2-1.1/debian/patches/00list tags/1.11.2-1.1/debian/patches/CVE-2007-4897.dpatch trunk/debian/changelog
paravoid at alioth.debian.org
paravoid at alioth.debian.org
Wed Apr 2 05:24:30 UTC 2008
Author: paravoid
Date: Wed Apr 2 05:24:29 2008
New Revision: 5444
URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=5444
Log:
Import Nico Golde's NMU of pwlib-titan and adapt our changelog to mention it
Added:
pwlib-titan/tags/1.11.2-1.1/
- copied from r5436, pwlib-titan/tags/1.11.2-1/
pwlib-titan/tags/1.11.2-1.1/debian/patches/CVE-2007-4897.dpatch
Modified:
pwlib-titan/tags/1.11.2-1.1/debian/changelog
pwlib-titan/tags/1.11.2-1.1/debian/patches/00list
pwlib-titan/trunk/debian/changelog
Modified: pwlib-titan/tags/1.11.2-1.1/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/pwlib-titan/tags/1.11.2-1.1/debian/changelog?rev=5444&op=diff
==============================================================================
--- pwlib-titan/tags/1.11.2-1.1/debian/changelog (original)
+++ pwlib-titan/tags/1.11.2-1.1/debian/changelog Wed Apr 2 05:24:29 2008
@@ -1,3 +1,12 @@
+pwlib-titan (1.11.2-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by testing-security team.
+ * Fix remote denial of service vulnerability caused
+ by a call to PString::vsprintf if the used object already
+ contained more than 1000 characters (CVE-2007-4897; bug #454139).
+
+ -- Nico Golde <nion at debian.org> Mon, 03 Dec 2007 13:20:05 +0100
+
pwlib-titan (1.11.2-1) unstable; urgency=low
* New upstream release (unstable branch).
Modified: pwlib-titan/tags/1.11.2-1.1/debian/patches/00list
URL: http://svn.debian.org/wsvn/pkg-voip/pwlib-titan/tags/1.11.2-1.1/debian/patches/00list?rev=5444&op=diff
==============================================================================
--- pwlib-titan/tags/1.11.2-1.1/debian/patches/00list (original)
+++ pwlib-titan/tags/1.11.2-1.1/debian/patches/00list Wed Apr 2 05:24:29 2008
@@ -2,3 +2,4 @@
04_names
05_hppa
06_plugins_shared
+CVE-2007-4897
Added: pwlib-titan/tags/1.11.2-1.1/debian/patches/CVE-2007-4897.dpatch
URL: http://svn.debian.org/wsvn/pkg-voip/pwlib-titan/tags/1.11.2-1.1/debian/patches/CVE-2007-4897.dpatch?rev=5444&op=file
==============================================================================
--- pwlib-titan/tags/1.11.2-1.1/debian/patches/CVE-2007-4897.dpatch (added)
+++ pwlib-titan/tags/1.11.2-1.1/debian/patches/CVE-2007-4897.dpatch Wed Apr 2 05:24:29 2008
@@ -1,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## CVE-2007-4897.dpatch by Nico Golde <nion at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+ at DPATCH@
+diff -urNad pwlib-1.10.10~/src/ptlib/common/contain.cxx pwlib-1.10.10/src/ptlib/common/contain.cxx
+--- pwlib-1.10.10~/src/ptlib/common/contain.cxx 2005-11-30 13:47:41.000000000 +0100
++++ pwlib-1.10.10/src/ptlib/common/contain.cxx 2007-12-03 13:45:00.000000000 +0100
+@@ -2465,7 +2465,7 @@
+ PAssert(SetSize(2000), POutOfMemory);
+ ::vsprintf(theArray+len, fmt, arg);
+ #else
+- PINDEX size = 0;
++ PINDEX size = len;
+ do {
+ size += 1000;
+ PAssert(SetSize(size), POutOfMemory);
Modified: pwlib-titan/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/pwlib-titan/trunk/debian/changelog?rev=5444&op=diff
==============================================================================
--- pwlib-titan/trunk/debian/changelog (original)
+++ pwlib-titan/trunk/debian/changelog Wed Apr 2 05:24:29 2008
@@ -1,11 +1,8 @@
-pwlib-titan (1.11.2-2) UNRELEASED; urgency=low
+pwlib-titan (1.11.2-2) unstable; urgency=low
[ Kilian Krause ]
* Fix debian/watch to use sf.net instead of voxgratia.org (Closes: #453595)
* Remove symlinks of unused compatibility versions.
- * Fix remote denial of service vulnerability caused
- by a call to PString::vsprintf if the used object already
- contained more than 1000 characters (CVE-2007-4897; Closes: #454139).
* Remove entire -ptrace and -debug build and leave only opt build with
PTRACE code as new binary library. Discussion with Robert Jongbloed
proved that there's no point shipping any other configuration.
@@ -13,6 +10,7 @@
plugins dir anymore.
[ Faidon Liambotis ]
+ * Incorporate NMU by Nico Golde, thanks! (Closes: #454139)
* Fix bug where shlibs were very strict on binNMUed versions.
* Bump Standards-Version to 3.7.3, no changes needed.
* Remove doxygen from Build-Depends-Indep since it's present in
@@ -25,6 +23,15 @@
* Fix syntax error in the ptlib-config.1 manpage.
-- Faidon Liambotis <paravoid at debian.org> Wed, 02 Apr 2008 07:14:27 +0300
+
+pwlib-titan (1.11.2-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by testing-security team.
+ * Fix remote denial of service vulnerability caused
+ by a call to PString::vsprintf if the used object already
+ contained more than 1000 characters (CVE-2007-4897; bug #454139).
+
+ -- Nico Golde <nion at debian.org> Mon, 03 Dec 2007 13:20:05 +0100
pwlib-titan (1.11.2-1) unstable; urgency=low
More information about the Pkg-voip-commits
mailing list