Hi, On Thu, Jan 17, 2019 at 01:44:14PM +0100, kaliko wrote: > Package: release.debian.org > Severity: normal > Tags: stretch > User: release.debian....@packages.debian.org > Usertags: pu > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hi > > Update fixing CVE-2018-9240 / #894724 > > Source for this patch are on salsa, branch stretch-pu: > > https://salsa.debian.org/kaliko-guest/ncmpc-gbp/tree/stretch-pu > > - -------------------------8<----------------------- > > +--- a/src/mpdclient.h > ++++ b/src/mpdclient.h > +@@ -76,6 +76,9 @@ > + static inline bool > + mpdclient_finish_command(struct mpdclient *c) > + { > ++ if (!c->connection) > ++ return false; > ++ > + return mpd_response_finish(c->connection) > + ? true : mpdclient_handle_error(c); > + } > > - ------------------------->8----------------------- > > See attached debdiff. > Cheers > > -----BEGIN PGP SIGNATURE----- > > iQJGBAEBCgAwFiEEE5yJWkSiFjoTmimKdwOcUqy2lK4FAlxAeJ0SHGthbGlrb0Bh > enlsdW0ub3JnAAoJEHcDnFKstpSuMYQP/ihkQJeHx8oyexwcnLyeYo1NJNPnMJTZ > 6fkVMCSrlCtTw43zRDgKTbau6ODIygP8N+mD7eJzXIQmuToO5TkQNaZj1MBAxgMt > PWiNQiJ/Lh/SAmZcGuvUpPMbu/puyiZhJFbMakaZtqoVmIFCnV2zqCMZ5rxM4lRb > mRFyPnpn4bW7aXGSCM6AT1gqOkPpV/jIFvaF4c4wQXQvT67yGdC4NPP5cP8EpdgG > ZJlK89EsWEifGe9vV8qEfUHRO4KN8/FD3KFqYpsiMgQ/a/T6QMnucQqXKnv8xdpr > K9cyZiCn128Jb+a1qGBSKpdBWfw6NcBaDxIpNqb+qu6Coa3pNkrelf+T1Z+pA6lP > 8zwola012bn3+HIkWP/BaSpbMO3A2SqU3bZuRZ/ooIbK+bYVQVTNnnoYm3dNjiv5 > roP5PcB/TjMA6Tg4VVWyz1qjSZ189bNIkZ7S5aIsg5NGtEB4RjZN9WSYqVL31pki > UO3Ome6/YVtzxQ+msZsXmjP+4/pZZVORDEghtXOkmUhn55GgOZ5i5PVzbNZAV/AN > 4EMCpUQmbQ1AWN2apflfa0TfSjTsUWXM8PRp3demxroRwjChhYhcscVK79GS5jUP > 0t6wOSebgy47wSSo1ZkJtTJ1LcfexqwTONQs4o6hvHum6GIYUOpSlij7rU0MGbAw > c+DTGh+iG3Ik > =v9xZ > -----END PGP SIGNATURE-----
> diff -Nru ncmpc-0.25/debian/changelog ncmpc-0.25/debian/changelog > --- ncmpc-0.25/debian/changelog 2016-10-28 07:05:23.000000000 +0200 > +++ ncmpc-0.25/debian/changelog 2019-01-16 12:51:14.000000000 +0100 > @@ -1,3 +1,10 @@ > +ncmpc (0.25-0.2) stretch; urgency=medium Please use for consistency (although that would be possible if 0.25-0.2 was never used) rather 0.25-0.1+deb9u1 for the version. Regards, Salvatore