Hi
I've prepared a new NMU for oftc-hybrid (versioned as 1.6.3.dfsg-1.1)
I had contact with the maintainer and he said this nmu would be ok
if I mention the DSA number to the changelog.
Regards
Martijn van Brummelen
diff -u oftc-hybrid-1.6.3.dfsg/debian/patches/series oftc-hybrid-1.6.3.dfsg/debian/patches/series
--- oftc-hybrid-1.6.3.dfsg/debian/patches/series
+++ oftc-hybrid-1.6.3.dfsg/debian/patches/series
@@ -1,3 +1,4 @@
+int_underflow.patch
destdir
defaults
respond-manpage
diff -u oftc-hybrid-1.6.3.dfsg/debian/changelog oftc-hybrid-1.6.3.dfsg/debian/changelog
--- oftc-hybrid-1.6.3.dfsg/debian/changelog
+++ oftc-hybrid-1.6.3.dfsg/debian/changelog
@@ -1,3 +1,11 @@
+oftc-hybrid (1.6.3.dfsg-1.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Added int_underflow.patch(thanks to Steffen Joeris)
+ Fixes (DSA-1980-1)/(CVE-2009-4016) (Closes: #567193).
+
+ -- Martijn van Brummelen <mart...@brumit.nl> Tue, 11 May 2010 20:18:12 +0200
+
oftc-hybrid (1.6.3.dfsg-1) unstable; urgency=low
* New upstream version.
only in patch2:
unchanged:
--- oftc-hybrid-1.6.3.dfsg.orig/debian/patches/int_underflow.patch
+++ oftc-hybrid-1.6.3.dfsg/debian/patches/int_underflow.patch
@@ -0,0 +1,14 @@
+Index: oftc-hybrid-1.6.3.dfsg/src/irc_string.c
+===================================================================
+--- oftc-hybrid-1.6.3.dfsg.orig/src/irc_string.c 2010-05-11 20:16:04.000000000 +0200
++++ oftc-hybrid-1.6.3.dfsg/src/irc_string.c 2010-05-11 20:18:00.000000000 +0200
+@@ -103,7 +103,9 @@
+ }
+ else
+ *d++ = *src;
++ if (len > 0) {
+ ++src, --len;
++ }
+ }
+ *d = '\0';
+ return dest;
