Bug#605092: nmu patch

[Steffen Joeris]

Hi,

Please find attached the NMU patch I've uploaded for the DoS issue.

Cheers,
Steffen

diff -u collectd-4.10.1/debian/changelog collectd-4.10.1/debian/changelog
--- collectd-4.10.1/debian/changelog
+++ collectd-4.10.1/debian/changelog
@@ -1,3 +1,12 @@
+collectd (4.10.1-2.1) unstable; urgency=high
+
+  * Non-maintainer upload by the security team
+  * Fix DoS in RRD file creation (Closes: #605092)
+    Fixes: CVE-2010-4336
+    Thanks to Florian Forster
+
+ -- Steffen Joeris <wh...@debian.org>  Wed, 08 Dec 2010 17:45:50 +1100
+
 collectd (4.10.1-2) unstable; urgency=medium
 
   * debian/rules:
diff -u collectd-4.10.1/debian/patches/00list collectd-4.10.1/debian/patches/00list
--- collectd-4.10.1/debian/patches/00list
+++ collectd-4.10.1/debian/patches/00list
@@ -7 +7 @@
-
+CVE-2010-4336.dpatch
only in patch2:
unchanged:
--- collectd-4.10.1.orig/debian/patches/CVE-2010-4336.dpatch
+++ collectd-4.10.1/debian/patches/CVE-2010-4336.dpatch
@@ -0,0 +1,18 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+##
+
+...@dpatch@
+--- ../old/collectd-4.10.1/src/utils_rrdcreate.c	2010-07-09 20:01:59.000000000 +1000
++++ collectd-4.10.1/src/utils_rrdcreate.c	2010-12-08 17:41:34.000000000 +1100
+@@ -398,10 +398,9 @@
+   memcpy (argv + ds_num, rra_def, rra_num * sizeof (char *));
+   argv[ds_num + rra_num] = NULL;
+ 
+-  assert (vl->time > 10);
+   status = srrd_create (filename,
+       (cfg->stepsize > 0) ? cfg->stepsize : vl->interval,
+-      vl->time - 10,
++      (vl->time > 10) ? (vl->time - 10) : vl->time,
+       argc, (const char **) argv);
+ 
+   free (argv);

signature.asc
Description: This is a digitally signed message part.