Hi,

Attached you will find the final nmu.patch, which I uploaded to unstable. I had to fix the other RC bug as well, because I could not upload a smaller version of the emacs metapackage than the one which is already in the archive. Sorry for the noise and I hope you did not mind. Feel free to contact me if you have further queries.

Cheers
Steffen
diff -u emacs21-21.4a+1/debian/changelog emacs21-21.4a+1/debian/changelog --- emacs21-21.4a+1/debian/changelog +++ emacs21-21.4a+1/debian/changelog @@ -1,3 +1,13 @@ +emacs21 (21.4a+1-5.1) unstable; urgency=high + + * Non-maintainer upload by the testing-security team + * Include patch (CVE-2007-2833.diff) to fix a crash when determining + the size of some GIF images (Closes: #408929) Fixes: CVE-2007-2833 + * Don't produce the emacs metapackage anymore, because it is now + build by the emacs22 source package (Closes: #433861) + + -- Steffen Joeris <[EMAIL PROTECTED]> Tue, 21 Aug 2007 05:23:01 +0000 + emacs21 (21.4a+1-5) unstable; urgency=low * Move man pages back to emacs21-common. (closes: #414321) [rlb] diff -u emacs21-21.4a+1/debian/control emacs21-21.4a+1/debian/control --- emacs21-21.4a+1/debian/control +++ emacs21-21.4a+1/debian/control @@ -6,17 +6,6 @@ Build-Depends: mailx, libncurses5-dev, texinfo, liblockfile-dev, libungif4-dev, libtiff4-dev | libtiff-dev, xaw3dg-dev, libpng3-dev, libjpeg62-dev, autotools-dev, dpkg-dev (>> 1.10.0), quilt, debhelper (>= 4), libxaw7-dev, sharutils Standards-Version: 3.7.2 -Package: emacs -Section: editors -Priority: optional -Architecture: all -Depends: emacs21 | emacs21-nox -Provides: emacsen, editor, info-browser, mail-reader, news-reader -Description: The GNU Emacs editor (metapackage) - GNU Emacs is the extensible self-documenting text editor. - This is a metapackage which will always depend on the latest Emacs - release. - Package: emacs21 Section: editors Priority: optional diff -u emacs21-21.4a+1/debian/control.in emacs21-21.4a+1/debian/control.in --- emacs21-21.4a+1/debian/control.in +++ emacs21-21.4a+1/debian/control.in 
@@ -6,17 +6,6 @@ Build-Depends: mailx, libncurses5-dev, texinfo, liblockfile-dev, libungif4-dev, libtiff4-dev | libtiff-dev, xaw3dg-dev, libpng3-dev, libjpeg62-dev, autotools-dev, dpkg-dev (>> 1.10.0), quilt, debhelper (>= 4), libxaw7-dev, sharutils Standards-Version: 3.7.2 -Package: emacs -Section: editors -Priority: optional -Architecture: all -Depends: @DEB_FLAVOR@ | @[EMAIL PROTECTED] -Provides: emacsen, editor, info-browser, mail-reader, news-reader -Description: The GNU Emacs editor (metapackage) - GNU Emacs is the extensible self-documenting text editor. - This is a metapackage which will always depend on the latest Emacs - release. - Package: @DEB_FLAVOR@ Section: editors Priority: optional diff -u emacs21-21.4a+1/debian/patches/00list emacs21-21.4a+1/debian/patches/00list --- emacs21-21.4a+1/debian/patches/00list +++ emacs21-21.4a+1/debian/patches/00list @@ -29,0 +30 @@ +CVE-2007-2833 diff -u emacs21-21.4a+1/debian/patches/series emacs21-21.4a+1/debian/patches/series --- emacs21-21.4a+1/debian/patches/series +++ emacs21-21.4a+1/debian/patches/series @@ -35,0 +36 @@ +CVE-2007-2833.diff only in patch2: unchanged: --- emacs21-21.4a+1.orig/debian/patches/CVE-2007-2833.diff +++ emacs21-21.4a+1/debian/patches/CVE-2007-2833.diff 
@@ -0,0 +1,34 @@ +--- emacs21-21.4a+1.orig/src/xfns.c ++++ emacs21-21.4a+1/src/xfns.c +@@ -9805,8 +9805,17 @@ + return 0; + } + +- width = img->width = max (gif->SWidth, gif->Image.Left + gif->Image.Width); +- height = img->height = max (gif->SHeight, gif->Image.Top + gif->Image.Height); ++ image_top = gif->SavedImages[ino].ImageDesc.Top; ++ image_left = gif->SavedImages[ino].ImageDesc.Left; ++ image_width = gif->SavedImages[ino].ImageDesc.Width; ++ image_height = gif->SavedImages[ino].ImageDesc.Height; ++ ++ width = img->width = max (gif->SWidth, ++ max (gif->Image.Left + gif->Image.Width, ++ image_left + image_width)); ++ height = img->height = max (gif->SHeight, ++ max (gif->Image.Top + gif->Image.Height, ++ image_top + image_height)); + + /* Create the X image and pixmap. */ + if (!x_create_x_image_and_pixmap (f, width, height, 0, &ximg, &img->pixmap)) +@@ -9839,11 +9848,6 @@ + requires more than can be done here (see the gif89 spec, + disposal methods). Let's simply assume that the part + not covered by a sub-image is in the frame's background color. */ +- image_top = gif->SavedImages[ino].ImageDesc.Top; +- image_left = gif->SavedImages[ino].ImageDesc.Left; +- image_width = gif->SavedImages[ino].ImageDesc.Width; +- image_height = gif->SavedImages[ino].ImageDesc.Height; +- + for (y = 0; y < image_top; ++y) + for (x = 0; x < width; ++x) + XPutPixel (ximg, x, y, FRAME_BACKGROUND_PIXEL (f));
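Review bot: The new debian/changelog entry reads "it is now build by the emacs22 source package"; that should be "built". The same entry combines the CVE-2007-2833 fix with the metapackage removal under urgency=high, so it would help if each bullet stated which bug it closes on its own line, making the security change easy to pick out when the changelog is scanned later.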
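Review bot: The debian/patches/00list hunk adds the name "CVE-2007-2833" while the debian/patches/series hunk adds "CVE-2007-2833.diff", and the only file the patch creates is debian/patches/CVE-2007-2833.diff. Build-Depends in debian/control lists quilt, so the series entry is the one that matches the new file. Please confirm that 00list is still read by anything in the build; if it is, the entry there needs to resolve to the file that was actually added, otherwise the fix could be silently skipped.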
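Review bot: In the src/xfns.c hunk at -9805, image_top, image_left, image_width and image_height are taken from gif->SavedImages[ino].ImageDesc and go straight into the max() expressions with no range check visible in the hunk. If any of these file-supplied fields can be negative or large enough for the sum to wrap, width and height could still fail to cover the sub-image that the later XPutPixel loops write. Consider rejecting the image, as the "return 0;" path just above does, when a value is out of range, before x_create_x_image_and_pixmap is called. The hunk also moves the gif->SavedImages[ino] dereference earlier than it was at -9839; the bounds check on ino is not visible here, so please confirm it still runs ahead of the new position. A short comment explaining why both gif->Image and SavedImages[ino] extents are kept in the max() would help the next reader.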