tags 649322 + pending
thanks

Dear Jesus,

I've prepared an NMU for clearsilver (versioned as 0.10.5-1.3) and uploaded it to DELAYED/02 to fix the security issue. Please feel free to tell me if I should delay it longer.

Cheers

Luk

diff -Nru clearsilver-0.10.5/debian/changelog clearsilver-0.10.5/debian/changelog --- clearsilver-0.10.5/debian/changelog 2011-11-15 16:25:42.000000000 +0100 +++ clearsilver-0.10.5/debian/changelog 2011-12-29 21:58:10.000000000 +0100 @@ -1,3 +1,10 @@ +clearsilver (0.10.5-1.3) unstable; urgency=high + + * Non-maintainer upload. + * Fix format string vulnerability CVE-2011-4357 (Closes: #649322). + + -- Luk Claes <l...@debian.org> Thu, 29 Dec 2011 21:57:11 +0100 + clearsilver (0.10.5-1.2) unstable; urgency=low * Non-maintainer upload. diff -Nru clearsilver-0.10.5/debian/patches/CVE-2011-4357.diff clearsilver-0.10.5/debian/patches/CVE-2011-4357.diff --- clearsilver-0.10.5/debian/patches/CVE-2011-4357.diff 1970-01-01 01:00:00.000000000 +0100 +++ clearsilver-0.10.5/debian/patches/CVE-2011-4357.diff 2011-12-29 21:56:47.000000000 +0100 @@ -0,0 +1,11 @@ +--- a/python/neo_cgi.c ++++ b/python/neo_cgi.c +@@ -178,7 +178,7 @@ + if (!PyArg_ParseTuple(args, "s:error(str)", &s)) + return NULL; + +- cgi_error (cgi, s); ++ cgi_error (cgi, "%s", s); + rv = Py_None; + Py_INCREF(rv); + return rv; diff -Nru clearsilver-0.10.5/debian/patches/series clearsilver-0.10.5/debian/patches/series --- clearsilver-0.10.5/debian/patches/series 2011-11-15 16:24:37.000000000 +0100 +++ clearsilver-0.10.5/debian/patches/series 2011-12-29 21:57:04.000000000 +0100 @@ -1,3 +1,4 @@ perl_installdir.diff man_fixes.diff fix_64bit_crc_test.diff +CVE-2011-4357.diff
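
Review bot: the debian/changelog entry for 0.10.5-1.3 names the CVE and the bug number but not what was changed. Adding that the fix lives in debian/patches/CVE-2011-4357.diff and passes the string to cgi_error through a "%s" format in python/neo_cgi.c would let someone reading only the changelog locate the change.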
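
Review bot: in the python/neo_cgi.c hunk carried by debian/patches/CVE-2011-4357.diff, only this one cgi_error call is changed, so any other call in the source tree that passes a non-literal string as the format argument would remain exposed. It is worth grepping the rest of the tree for such calls and building with -Wformat -Werror=format-security so the compiler flags them. The new patch file also starts directly at `--- a/python/neo_cgi.c` with no header; Description, Origin and Bug-Debian fields (DEP-3) referencing #649322 and CVE-2011-4357 would keep the provenance with the patch itself.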