Shame /o\ On 04/02/2019 22:26, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Mon, 2019-01-28 at 14:35 +0100, kaliko wrote: >> On 27/01/2019 09:14, Salvatore Bonaccorso wrote: >>> On Thu, Jan 17, 2019 at 01:44:14PM +0100, kaliko wrote: > [...] >>>> Update fixing CVE-2018-9240 / #894724 >>> […]> Please use for consistency (although that would be possible if >>> 0.25-0.2 was never used) rather 0.25-0.1+deb9u1 for the version. >> >> I updated the patch according to your review (find attached). > > The diff you provided is reversed. Please feel free to upload the > correctly-applied version.
Sorry for that, here is the correct patch. Thanks k
diff -Nru ncmpc-0.25/debian/changelog ncmpc-0.25/debian/changelog --- ncmpc-0.25/debian/changelog 2016-10-28 07:05:23.000000000 +0200 +++ ncmpc-0.25/debian/changelog 2019-01-16 12:51:14.000000000 +0100 @@ -1,3 +1,10 @@ +ncmpc (0.25-0.1+deb9u1) stretch; urgency=medium + + * Non-maintainer upload. + * Fix CVE-2018-9240 (Closes: #894724) + + -- Geoffroy Youri Berret <ef...@azylum.org> Wed, 16 Jan 2019 12:51:14 +0100 + ncmpc (0.25-0.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch --- ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch 1970-01-01 01:00:00.000000000 +0100 +++ ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch 2019-01-16 12:51:14.000000000 +0100 @@ -0,0 +1,19 @@ +Description: Fix NULL dereference on long messages +Author: Jonathan Neuschäfer <j.neuschae...@gmx.net> +Origin: https://bugs.debian.org/894724 +Applied-Upstream: v0.30 +Last-Update: 2019-01-16 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/src/mpdclient.h ++++ b/src/mpdclient.h +@@ -76,6 +76,9 @@ + static inline bool + mpdclient_finish_command(struct mpdclient *c) + { ++ if (!c->connection) ++ return false; ++ + return mpd_response_finish(c->connection) + ? true : mpdclient_handle_error(c); + } diff -Nru ncmpc-0.25/debian/patches/series ncmpc-0.25/debian/patches/series --- ncmpc-0.25/debian/patches/series 2016-10-28 07:05:23.000000000 +0200 +++ ncmpc-0.25/debian/patches/series 2019-01-16 12:51:14.000000000 +0100 @@ -1 +1,2 @@ lirc.patch +fix-CVE-2018-9240.patch
signature.asc
Description: OpenPGP digital signature