Hi!
* Alexander Reichle-Schmehl <toli...@debian.org> [100413 15:55]:
> I've prepared an NMU [..]

Attached is an updated patch which also adds a version to the build-depends on
quilt to avoid automatic rejection by ftp-master.

Best Regards,
  Alexander
diff -u liboggplay-0.2.1~git20091227/debian/changelog liboggplay-0.2.1~git20091227/debian/changelog --- liboggplay-0.2.1~git20091227/debian/changelog +++ liboggplay-0.2.1~git20091227/debian/changelog @@ -1,3 +1,15 @@ +liboggplay (0.2.1~git20091227-1.1) unstable; urgency=high + + * Non-maintainer upload. + * Fix CVE-2009-3388 with patch from Matthew Gregan in + http://hg.mozilla.org/releases/mozilla-1.9.1/rev/14dd26404792 + (Closes: #575743) + * Urgency set to high for security related RC bug fix + * Add version (>= 0.46-7~) to build-depen on quilt to avoid ftp-master + auto-reject + + -- Alexander Reichle-Schmehl <toli...@debian.org> Thu, 15 Apr 2010 04:11:22 +0200 + liboggplay (0.2.1~git20091227-1) unstable; urgency=low * Compiling on GNU/kFreeBSD fixed upstream (Closes: #560798). diff -u liboggplay-0.2.1~git20091227/debian/control liboggplay-0.2.1~git20091227/debian/control --- liboggplay-0.2.1~git20091227/debian/control +++ liboggplay-0.2.1~git20091227/debian/control @@ -1,7 +1,7 @@ Source: liboggplay Priority: extra Maintainer: John Francesco Ferlito <jo...@inodes.org> -Build-Depends: debhelper (>= 7.0.50~), quilt, autotools-dev, pkg-config, liboggz-dev, libfishsound-dev, libtheora-dev, libkate-dev, libsndfile-dev +Build-Depends: debhelper (>= 7.0.50~), quilt (>= 0.46-7~), autotools-dev, pkg-config, liboggz-dev, libfishsound-dev, libtheora-dev, libkate-dev, libsndfile-dev Standards-Version: 3.8.3 Section: libs diff -u liboggplay-0.2.1~git20091227/debian/patches/series liboggplay-0.2.1~git20091227/debian/patches/series --- liboggplay-0.2.1~git20091227/debian/patches/series +++ liboggplay-0.2.1~git20091227/debian/patches/series @@ -1 +1,2 @@ +CVE-2009-3388 CVE-2009-3378 only in patch2: unchanged: --- liboggplay-0.2.1~git20091227.orig/debian/patches/CVE-2009-3388 +++ liboggplay-0.2.1~git20091227/debian/patches/CVE-2009-3388 
@@ -0,0 +1,18 @@ +--- a/src/liboggplay/oggplay_data.c ++++ b/src/liboggplay/oggplay_data.c +@@ -358,12 +358,9 @@ oggplay_data_handle_cmml_data(OggPlayDec + OggPlayTextRecord * record = NULL; + size_t record_size = sizeof(OggPlayTextRecord); + +- /* check that the size we want to allocate doesn't overflow */ +- if ((size < 0) || (size+1 < 0)) { +- return E_OGGPLAY_TYPE_OVERFLOW; +- } +- size += 1; +- ++ /* Include extra byte for null terminating record data buffer */ ++ record_size += 1; ++ + if + ( + oggplay_check_add_overflow (record_size, size, &record_size)
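Review bot: in the debian/changelog hunk, the last bullet of the new entry has a typo: "build-depen on quilt" should read "build-depends on quilt" (or Build-Depends, matching the field name in debian/control).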
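Review bot: the new CVE-2009-3388 entry in debian/patches/series sits above the existing CVE-2009-3378 line, so quilt applies it first. If CVE-2009-3378 also touches src/liboggplay/oggplay_data.c, its context may no longer match. Either append the new entry after the existing one or confirm that both patches apply cleanly in this order.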
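Review bot: in oggplay_data_handle_cmml_data, the removed `(size < 0) || (size+1 < 0)` test was the only visible rejection of a negative size, so after this change that case rests entirely on oggplay_check_add_overflow (record_size, size, &record_size). The type of size is not shown in the hunk; if it is signed, please confirm that the helper fails for negative values, or keep an explicit `size < 0` return of E_OGGPLAY_TYPE_OVERFLOW ahead of the call. The patch file also starts directly at the `--- a/src/liboggplay/oggplay_data.c` line, so a short header giving the origin URL already cited in the changelog would make it easier to track.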