Control: tags 944012 + patch Control: tags 944012 + pending
Dear maintainer, I've prepared an NMU for freetds (versioned as 1.1.6-1.1) and uploaded it to DELAYED/10. Please feel free to tell me if I should delay it longer. Regards, Salvatore
diff -u freetds-1.1.6/debian/changelog freetds-1.1.6/debian/changelog --- freetds-1.1.6/debian/changelog +++ freetds-1.1.6/debian/changelog @@ -1,3 +1,10 @@ +freetds (1.1.6-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * tds: Make sure UDT has varint set to 8 (CVE-2019-13508) (Closes: #944012) + + -- Salvatore Bonaccorso <[email protected]> Wed, 01 Jan 2020 21:09:16 +0100 + freetds (1.1.6-1) unstable; urgency=medium * New upstream release. diff -u freetds-1.1.6/src/tds/data.c freetds-1.1.6/src/tds/data.c --- freetds-1.1.6/src/tds/data.c +++ freetds-1.1.6/src/tds/data.c @@ -1428,6 +1428,7 @@ tds_get_string(tds, tds_get_usmallint(tds), NULL, 0); col->column_size = 0x7ffffffflu; + col->column_varint_size = 8; return TDS_SUCCESS; } @@ -1435,6 +1436,7 @@ TDS_INT tds_clrudt_row_len(TDSCOLUMN *col) { + col->column_varint_size = 8; /* TODO save other fields */ return sizeof(TDSBLOB); }
