Hi, attached is the patch for my NMU. It will be also archived on: http://people.debian.org/~nion/nmu-diff/sqlite_2.8.17-2_2.8.17-2.1.patch Kind regards Nico
-- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
diff -u sqlite-2.8.17/debian/changelog sqlite-2.8.17/debian/changelog
--- sqlite-2.8.17/debian/changelog
+++ sqlite-2.8.17/debian/changelog
@@ -1,3 +1,11 @@
+sqlite (2.8.17-2.1) unstable; urgency=high
+
+ * Non-maintainer upload by testing security team.
+ * Included 01-fix-CVE-2007-1888.patch to fix buffer overflow
+ in encode.c (CVE-2007-1888) (Closes: #441233).
+
+ -- Nico Golde <[EMAIL PROTECTED]> Fri, 07 Sep 2007 17:47:03 +0200
+
sqlite (2.8.17-2) unstable; urgency=low
* Add Galician (closes: #407958), Russian (closes: #397167) and Spanish
only in patch2:
unchanged:
--- sqlite-2.8.17.orig/debian/patches/01-fix-CVE-2007-1888.patch
+++ sqlite-2.8.17/debian/patches/01-fix-CVE-2007-1888.patch
@@ -0,0 +1,14 @@
+diff -Nurad sqlite-2.8.17~/src/encode.c sqlite-2.8.17/src/encode.c
+--- sqlite-2.8.17~/src/encode.c 2007-09-07 17:45:19.000000000 +0200
++++ sqlite-2.8.17/src/encode.c 2007-09-07 17:45:50.000000000 +0200
+@@ -176,6 +176,10 @@
+ int i, e;
+ unsigned char c;
+ e = *(in++);
++ if(e == 0){
++ return 0;
++ }
++
+ i = 0;
+ while( (c = *(in++))!=0 ){
+ if( c==1 ){
pgpyzjjYUFGqL.pgp
Description: PGP signature
