tag 378091 + patch
thanks
Hi,
Attached is the diff for my libtunepimp 0.4.2-3.0etch1 NMU.
The reason for uploading to t-p-u is that migration from unstable is
blocked by perl.
--
Adeodato Simó dato at net.com.org.es
Debian Developer adeodato at debian.org
A conference is a gathering of important people who singly can do nothing
but together can decide that nothing can be done.
-- Fred Allen
diff -u libtunepimp-0.4.2/debian/changelog libtunepimp-0.4.2/debian/changelog
--- libtunepimp-0.4.2/debian/changelog
+++ libtunepimp-0.4.2/debian/changelog
@@ -1,3 +1,14 @@
+libtunepimp (0.4.2-3.0etch1) testing-proposed-updates; urgency=high
+
+ * Non-maintainer upload.
+
+ * Upload to t-p-u since migration via unstable is blocked by perl.
+
+ * Fix CVE-2006-3600, stack-based buffer overflows in LookupTRM::lookup().
+ (Closes: #378091) [Package does not use patch system, fix in diff.gz.]
+
+ -- Adeodato Simó <[EMAIL PROTECTED]> Sat, 22 Jul 2006 20:32:17 +0200
+
libtunepimp (0.4.2-3) unstable; urgency=high
* debian/rules: add "LD_RUN_PATH=" to perl make invokation to get rid of the
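Review bot: The CVE-2006-3600 entry names LookupTRM::lookup() but not the file that was changed. The entry itself says the package has no patch system and the fix lives only in diff.gz, so naming lib/lookuptools.cpp and the affected buffers here would let a later maintainer locate the change without diffing the whole tree.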
only in patch2:
unchanged:
--- libtunepimp-0.4.2.orig/lib/lookuptools.cpp
+++ libtunepimp-0.4.2/lib/lookuptools.cpp
@@ -51,7 +51,7 @@
musicbrainz_t o;
char *args[7];
int ret, trackNum;
- char error[255], data[255], trackURI[256],
+ char error[256], data[256], trackURI[256],
artistURI[256], albumURI[256];
char temp[100], duration[100], status[100];
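Review bot: The declaration changed here grows error and data from 255 to 256 bytes, but the calls that fill them are not part of this hunk, so the diff alone does not show that 256 matches the length those calls pass; please confirm that against the call sites. Every size in this block (256 and 100) is a bare literal. Taking the length from the array at each call, for example sizeof(error), would keep declaration and length from drifting apart again.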
@@ -160,7 +160,7 @@
if (mb_Select1(o, MBS_SelectReleaseDate, j))
{
// Pull back the release date and release country
- if (mb_GetResultData(o, MBE_ReleaseGetDate, temp, 256))
+ if (mb_GetResultData(o, MBE_ReleaseGetDate, temp, 100))
{
int month = 0, day = 0, year = 0;
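Review bot: The length passed to mb_GetResultData() in the changed line is a literal 100 that has to be kept in step by hand with the declaration char temp[100] in the previous hunk (assuming this is the same temp). That is the same kind of mismatch this line corrects, since 256 was passed before. Passing sizeof(temp) would tie the two together. duration and status are also 100 bytes, so any calls that fill them outside this diff deserve the same check.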