Dear Maintainer, there is a new upstream version, which fixes this issue. Please, could you integrate this critical patch in bookworm?
Here the link: http://ftp.gnu.org/gnu/cgicc/cgicc-3.2.20.tar.gz With best regards Andreas -- team member “long-term preservation“ Saxon State- and University Library Dresden (SLUB) Department 2 (IT), Division 2.3 (infrastructure and digital long-term preservation) Zellescher Weg 18 | 01069 Dresden phone: +49 351 4677 763 E-Mail: andreas.rome...@slub-dresden.de http://www.slub-dresden.de/ | @slubdresden > -----Ursprüngliche Nachricht----- > Von: Romeyke, Andreas > Gesendet: Freitag, 23. Juli 2021 13:01 > An: '985...@bugs.debian.org' <985...@bugs.debian.org> > Betreff: Fix available (attached): Bug#985941: Acknowledgement (libcgicc3: > wrong file length if file upload via POST as "multipart/form-data") > > > Dear Maintainer, > > the fix is very easy: > > The problem is the line 494 in Cgicc.cpp, the '-2' is wrong, because at end of > file content there is no trailing \r\n. The comment in lin 492 is wrong, too. > > The fix is easy: > -------------------------------------------- > Index: cgicc/Cgicc.cpp > ========================================================== > ========= > RCS file: /sources/cgicc/cgicc/cgicc/Cgicc.cpp,v > retrieving revision 1.34 > diff -b -d -u -r1.34 Cgicc.cpp > --- cgicc/Cgicc.cpp 23 Apr 2014 20:55:04 -0000 1.34 > +++ cgicc/Cgicc.cpp 23 Jul 2021 10:25:58 -0000 > @@ -489,9 +489,9 @@ > if(std::string::npos == headLimit) > throw std::runtime_error("Malformed input"); > > - // Extract the value - there is still a trailing CR/LF to be subtracted off > + // Extract the value > std::string::size_type valueStart = headLimit + end.length(); > - std::string value = data.substr(valueStart, data.length() - valueStart - > 2); > + std::string value = data.substr(valueStart, data.length() - > + valueStart); > > // Parse the header - pass trailing CR/LF x 2 to parseHeader > MultipartHeader head = parseHeader(data.substr(0, valueStart)); > -------------------------------------------- > > With best regards > > Andreas > -- > team member “long-term preservation“ > > Saxon State- and University Library Dresden (SLUB) Department 2 (IT), > Division 2.3 (infrastructure and digital long-term preservation) Zellescher > Weg 18 | 01069 Dresden > phone: +49 351 4677 763 > E-Mail: andreas.rome...@slub-dresden.de http://www.slub-dresden.de/ > | @slubdresden > > > -----Ursprüngliche Nachricht----- > Von: Debian Bug Tracking System <ow...@bugs.debian.org> > Gesendet: Freitag, 26. März 2021 14:27 > An: Romeyke, Andreas <andreas.rome...@slub-dresden.de> > Betreff: Bug#985941: Acknowledgement (libcgicc3: wrong file length if file > upload via POST as "multipart/form-data") > > Thank you for filing a new Bug report with Debian. > > You can follow progress on this Bug here: 985941: > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985941. > > This is an automatically generated reply to let you know your message has > been received. > > Your message is being forwarded to the package maintainers and other > interested parties for their attention; they will reply in due course. > > Your message has been sent to the package maintainer(s): > Chris Butler <chr...@debian.org> > > If you wish to submit further information on this problem, please send it to > 985...@bugs.debian.org. > > Please do not send mail to ow...@bugs.debian.org unless you wish to > report a problem with the Bug-tracking system. > > -- > 985941: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985941 > Debian Bug Tracking System > Contact ow...@bugs.debian.org with problems
smime.p7s
Description: S/MIME cryptographic signature