tags 454133 + patch thanks Hi, attached is a patch for an NMU which fixes this bug. It will be also archived on: http://people.debian.org/~nion/nmu-diff/pwlib-1-10.10-1_1.10.10-1.1.patch
Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
diff -u pwlib-1.10.10/debian/patches/00list pwlib-1.10.10/debian/patches/00list
--- pwlib-1.10.10/debian/patches/00list
+++ pwlib-1.10.10/debian/patches/00list
@@ -4,0 +5 @@
+CVE-2007-4897
diff -u pwlib-1.10.10/debian/changelog pwlib-1.10.10/debian/changelog
--- pwlib-1.10.10/debian/changelog
+++ pwlib-1.10.10/debian/changelog
@@ -1,3 +1,12 @@
+pwlib (1.10.10-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by testing-security team.
+ * Fix remote denial of service vulnerability caused
+ by a call to PString::vsprintf if the used object already
+ contained more than 1000 characters (CVE-2007-4897; bug #454133).
+
+ -- Nico Golde <[EMAIL PROTECTED]> Mon, 03 Dec 2007 13:17:34 +0100
+
pwlib (1.10.10-1) unstable; urgency=low
* New upstream release. (gcc-4.2 clean. Yeah!)
only in patch2:
unchanged:
--- pwlib-1.10.10.orig/debian/patches/CVE-2007-4897.dpatch
+++ pwlib-1.10.10/debian/patches/CVE-2007-4897.dpatch
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## CVE-2007-4897.dpatch by Nico Golde <[EMAIL PROTECTED]>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
[EMAIL PROTECTED]@
+diff -urNad pwlib-1.10.2~/src/ptlib/common/contain.cxx pwlib-1.10.2/src/ptlib/common/contain.cxx
+--- pwlib-1.10.2~/src/ptlib/common/contain.cxx 2005-11-30 13:47:41.000000000 +0100
++++ pwlib-1.10.2/src/ptlib/common/contain.cxx 2007-12-03 12:45:19.000000000 +0100
+@@ -1084,7 +1084,7 @@
+
+ void PCharArray::ReadFrom(istream &strm)
+ {
+- PINDEX size = 0;
++ PINDEX size = len;
+ SetSize(size+100);
+
+ while (strm.good()) {
pgp8m5xFsUMxg.pgp
Description: PGP signature
