Package: release.debian.org Severity: normal Tags: buster User: [email protected] Usertags: pu
Hi, Please approve the following update for buster fixing a CVE: diff -Nru csync2-2.0-22-gce67c55/debian/changelog csync2-2.0-22-gce67c55/debian/changelog --- csync2-2.0-22-gce67c55/debian/changelog 2018-10-06 23:05:46.000000000 +0200 +++ csync2-2.0-22-gce67c55/debian/changelog 2020-04-05 12:55:07.000000000 +0200 @@ -1,3 +1,9 @@ +csync2 (2.0-22-gce67c55-1+deb10u1) buster; urgency=medium + + * Add patch for CVE-2019-15522 (Closes: #955445) + + -- Valentin Vidic <[email protected]> Sun, 05 Apr 2020 12:55:07 +0200 + csync2 (2.0-22-gce67c55-1) unstable; urgency=medium * New upstream version 2.0-22-gce67c55 diff -Nru csync2-2.0-22-gce67c55/debian/patches/CVE-2019-15522.patch csync2-2.0-22-gce67c55/debian/patches/CVE-2019-15522.patch --- csync2-2.0-22-gce67c55/debian/patches/CVE-2019-15522.patch 1970-01-01 01:00:00.000000000 +0100 +++ csync2-2.0-22-gce67c55/debian/patches/CVE-2019-15522.patch 2020-04-05 12:51:42.000000000 +0200 @@ -0,0 +1,21 @@ +From 0ecfc333da51575f188dd7cf6ac4974d13a800b1 Mon Sep 17 00:00:00 2001 +From: Malte Kraus <[email protected]> +Date: Tue, 13 Aug 2019 11:25:57 +0200 +Subject: [PATCH] fail HELLO command when SSL is required + +--- + daemon.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/daemon.c b/daemon.c +index 2d8407d..2a1a8af 100644 +--- a/daemon.c ++++ b/daemon.c +@@ -747,6 +747,7 @@ void csync_daemon_session() + goto conn_without_ssl_ok; + } + cmd_error = conn_response(CR_ERR_SSL_EXPECTED); ++ peer = NULL; + } + conn_without_ssl_ok:; + #endif diff -Nru csync2-2.0-22-gce67c55/debian/patches/series csync2-2.0-22-gce67c55/debian/patches/series --- csync2-2.0-22-gce67c55/debian/patches/series 2018-04-18 22:30:48.000000000 +0200 +++ csync2-2.0-22-gce67c55/debian/patches/series 2020-04-05 12:51:17.000000000 +0200 @@ -3,3 +3,4 @@ spelling.patch fix-manpage-header.patch fix-parallel-build.patch +CVE-2019-15522.patch -- Valentin
