Hi, I've prepared a new NMU for oftc-hybrid (versioned as 1.6.3.dfsg-1.1). I had contact with the maintainer and he said this NMU would be OK if I mention the DSA number in the changelog.
Regards,
Martijn van Brummelen
diff -u oftc-hybrid-1.6.3.dfsg/debian/patches/series oftc-hybrid-1.6.3.dfsg/debian/patches/series --- oftc-hybrid-1.6.3.dfsg/debian/patches/series +++ oftc-hybrid-1.6.3.dfsg/debian/patches/series @@ -1,3 +1,4 @@ +int_underflow.patch destdir defaults respond-manpage diff -u oftc-hybrid-1.6.3.dfsg/debian/changelog oftc-hybrid-1.6.3.dfsg/debian/changelog --- oftc-hybrid-1.6.3.dfsg/debian/changelog +++ oftc-hybrid-1.6.3.dfsg/debian/changelog @@ -1,3 +1,11 @@ +oftc-hybrid (1.6.3.dfsg-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Added int_underflow.patch(thanks to Steffen Joeris) + Fixes (DSA-1980-1)/(CVE-2009-4016) (Closes: #567193). + + -- Martijn van Brummelen <mart...@brumit.nl> Tue, 11 May 2010 20:18:12 +0200 + oftc-hybrid (1.6.3.dfsg-1) unstable; urgency=low * New upstream version. only in patch2: unchanged: --- oftc-hybrid-1.6.3.dfsg.orig/debian/patches/int_underflow.patch +++ oftc-hybrid-1.6.3.dfsg/debian/patches/int_underflow.patch @@ -0,0 +1,14 @@ +Index: oftc-hybrid-1.6.3.dfsg/src/irc_string.c +=================================================================== +--- oftc-hybrid-1.6.3.dfsg.orig/src/irc_string.c 2010-05-11 20:16:04.000000000 +0200 ++++ oftc-hybrid-1.6.3.dfsg/src/irc_string.c 2010-05-11 20:18:00.000000000 +0200 +@@ -103,7 +103,9 @@ + } + else + *d++ = *src; ++ if (len > 0) { + ++src, --len; ++ } + } + *d = '\0'; + return dest;
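Review bot: In the debian/changelog hunk, the new entry is uploaded with `urgency=low` even though its own text says it fixes DSA-1980-1 / CVE-2009-4016; for a security fix a higher urgency would be the usual choice, so please either raise it or say why low is intended. Two smaller style points in the same entry: there is no space in `int_underflow.patch(thanks to Steffen Joeris)`, and the line `Fixes (DSA-1980-1)/(CVE-2009-4016)` would read better as a plain sentence naming both identifiers without the paired parentheses.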
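Review bot: In the src/irc_string.c hunk carried by int_underflow.patch, the new `if (len > 0)` guard wraps only `++src, --len;`, while the `*d++ = *src;` write in the else branch directly above it is still unguarded. When `len` is already 0 at that point, a byte is still written to `d`, `src` is no longer advanced, and whether the loop then stops depends on a loop condition that is outside the visible context. It would be safer to test `len` before the write (or leave the loop as soon as it reaches 0) so the destination pointer and the remaining-length counter cannot drift apart. The patch file also starts directly at `Index:` with no description; a short header saying which counter underflows and referencing CVE-2009-4016 and #567193 would make it self-explanatory in debian/patches.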