Bug#919576: stretch-pu: package ncmpc/0.25-0.1

Tue, 05 Feb 2019 00:27:25 -0800 

Shame /o\

On 04/02/2019 22:26, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Mon, 2019-01-28 at 14:35 +0100, kaliko wrote:
>> On 27/01/2019 09:14, Salvatore Bonaccorso wrote:
>>> On Thu, Jan 17, 2019 at 01:44:14PM +0100, kaliko wrote:
> [...]
>>>> Update fixing CVE-2018-9240 / #894724
>>> […]> Please use for consistency (although that would be possible if
>>> 0.25-0.2 was never used) rather 0.25-0.1+deb9u1 for the version.
>>
>> I updated the patch according to your review (find attached).
> 
> The diff you provided is reversed. Please feel free to upload the
> correctly-applied version.


Sorry for that, here is the correct patch.

Thanks
k

diff -Nru ncmpc-0.25/debian/changelog ncmpc-0.25/debian/changelog
--- ncmpc-0.25/debian/changelog	2016-10-28 07:05:23.000000000 +0200
+++ ncmpc-0.25/debian/changelog	2019-01-16 12:51:14.000000000 +0100
@@ -1,3 +1,10 @@
+ncmpc (0.25-0.1+deb9u1) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix CVE-2018-9240 (Closes: #894724)
+
+ -- Geoffroy Youri Berret <ef...@azylum.org>  Wed, 16 Jan 2019 12:51:14 +0100
+
 ncmpc (0.25-0.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch
--- ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch	1970-01-01 01:00:00.000000000 +0100
+++ ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch	2019-01-16 12:51:14.000000000 +0100
@@ -0,0 +1,19 @@
+Description: Fix NULL dereference on long messages
+Author: Jonathan Neuschäfer <j.neuschae...@gmx.net>
+Origin: https://bugs.debian.org/894724
+Applied-Upstream: v0.30
+Last-Update: 2019-01-16
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/src/mpdclient.h
++++ b/src/mpdclient.h
+@@ -76,6 +76,9 @@
+ static inline bool
+ mpdclient_finish_command(struct mpdclient *c)
+ {
++	if (!c->connection)
++		return false;
++
+ 	return mpd_response_finish(c->connection)
+ 		? true : mpdclient_handle_error(c);
+ }
diff -Nru ncmpc-0.25/debian/patches/series ncmpc-0.25/debian/patches/series
--- ncmpc-0.25/debian/patches/series	2016-10-28 07:05:23.000000000 +0200
+++ ncmpc-0.25/debian/patches/series	2019-01-16 12:51:14.000000000 +0100
@@ -1 +1,2 @@
 lirc.patch
+fix-CVE-2018-9240.patch

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to