Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package elinks. It fixes CVE-2012-4545. debdiff attached. unblock elinks/0.12~pre5-9 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
diff -u elinks-0.12~pre5/debian/changelog elinks-0.12~pre5/debian/changelog --- elinks-0.12~pre5/debian/changelog +++ elinks-0.12~pre5/debian/changelog @@ -1,3 +1,9 @@ +elinks (0.12~pre5-9) unstable; urgency=medium + + * Fix CVE-2012-4545 + + -- Moritz Mühlenhoff <j...@debian.org> Thu, 01 Nov 2012 10:53:19 +0100 + elinks (0.12~pre5-8) unstable; urgency=low * Apply patch from Guillem Jover to switch to Lua 5.1, thanks! only in patch2: unchanged: --- elinks-0.12~pre5.orig/debian/patches/10-CVE-2012-4545.diff +++ elinks-0.12~pre5/debian/patches/10-CVE-2012-4545.diff @@ -0,0 +1,17 @@ +da18694ff7dd0b67dfcb3c417fb0579b1e7d02d7 + +Fixes CVE-2012-4545 + +diff --git a/src/protocol/http/http_negotiate.c b/src/protocol/http/http_negotiate.c +index 470b071..271b443 100644 +--- a/src/protocol/http/http_negotiate.c ++++ b/src/protocol/http/http_negotiate.c +@@ -188,7 +188,7 @@ http_negotiate_create_context(struct negotiate *neg) + &neg->context, + neg->server_name, + GSS_C_NO_OID, +- GSS_C_DELEG_FLAG, ++ 0, + 0, + GSS_C_NO_CHANNEL_BINDINGS, + &neg->input_token,