Package: plib
Version: 1.8.5-5
Severity: normal
Tags: patch pending

Dear maintainer,

I've prepared an NMU for plib (versioned as 1.8.5-5.1) and
uploaded it to DELAYED/02. Please feel free to tell me if I
should delay it longer.

Cheers

Luk
diff -u plib-1.8.5/debian/changelog plib-1.8.5/debian/changelog
--- plib-1.8.5/debian/changelog
+++ plib-1.8.5/debian/changelog
@@ -1,3 +1,11 @@
+plib (1.8.5-5.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Use vsnprintf to fix buffer overflow CVE-2011-4620 (Closes: #654785).
+  * Don't install .la file anymore (Closes: #633178).
+
+ -- Luk Claes <l...@debian.org>  Sun, 15 Jan 2012 20:13:07 +0100
+
 plib (1.8.5-5) unstable; urgency=low
 
   * Fix FTBFS on hurd. Thanks to Pino Toscano <p...@kde.org>.
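
Review bot: The CVE-2011-4620 line in the new 1.8.5-5.1 stanza does not say what was changed or where. Naming the function and the patch file, for example "ulSetError in src/util/ulError.cxx, debian/patches/04_CVE-2011-4620.diff", would let someone auditing the security fix find it from the changelog alone.
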
diff -u plib-1.8.5/debian/libplib-dev.install plib-1.8.5/debian/libplib-dev.install
--- plib-1.8.5/debian/libplib-dev.install
+++ plib-1.8.5/debian/libplib-dev.install
@@ -1,4 +1,3 @@
 debian/tmp/usr/include
-debian/tmp/usr/lib/*.la
 debian/tmp/usr/lib/*.a
 debian/tmp/usr/lib/*.so
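
Review bot: Removing the debian/tmp/usr/lib/*.la line only stops the file from being installed; nothing in this debdiff touches debian/rules or deletes the .la from debian/tmp. Check that the build does not treat the now uninstalled file as an error (for instance if dh_install is run with --fail-missing), and build-test the package to confirm libplib-dev ships without it.
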
diff -u plib-1.8.5/debian/patches/series plib-1.8.5/debian/patches/series
--- plib-1.8.5/debian/patches/series
+++ plib-1.8.5/debian/patches/series
@@ -4,0 +5 @@
+04_CVE-2011-4620.diff
only in patch2:
unchanged:
--- plib-1.8.5.orig/debian/patches/04_CVE-2011-4620.diff
+++ plib-1.8.5/debian/patches/04_CVE-2011-4620.diff
@@ -0,0 +1,12 @@
+diff -up plib-1.8.5/src/util/ulError.cxx~ plib-1.8.5/src/util/ulError.cxx
+--- plib-1.8.5/src/util/ulError.cxx~    2008-03-11 03:06:23.000000000 +0100
++++ plib-1.8.5/src/util/ulError.cxx     2011-12-27 15:38:25.305676650 +0100
+@@ -39,7 +39,7 @@ void ulSetError ( enum ulSeverity severi
+ {
+   va_list argp;
+   va_start ( argp, fmt ) ;
+-  vsprintf ( _ulErrorBuffer, fmt, argp ) ;
++  vsnprintf ( _ulErrorBuffer, sizeof(_ulErrorBuffer), fmt, argp ) ;
+   va_end ( argp ) ;
+
+   if ( _ulErrorCB )
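
Review bot: The bound on the new vsnprintf line is sizeof(_ulErrorBuffer), which is only the buffer length if _ulErrorBuffer is declared as an array visible in ulError.cxx; the declaration is outside this hunk, and if it is a pointer the bound becomes the pointer size. Please confirm the declaration, or pass an explicit size constant shared with it. The return value of vsnprintf is also discarded, so an over-long message is truncated silently; that is acceptable for an error string but worth a comment in the code. Separately, the patch file starts directly at the "diff -up" line with no header: a short description, the origin of the fix and references to CVE-2011-4620 and #654785 at the top would document it for the next maintainer.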
