tags 454139 + patch
thanks

Hi,
attached is a patch for an NMU to fix this problem.
Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u pwlib-titan-1.11.2/debian/changelog pwlib-titan-1.11.2/debian/changelog
--- pwlib-titan-1.11.2/debian/changelog
+++ pwlib-titan-1.11.2/debian/changelog
@@ -1,3 +1,12 @@
+pwlib-titan (1.11.2-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by testing-security team.
+ * Fix remote denial of service vulnerability caused
+ by a call to PString::vsprintf if the used object already
+ contained more than 1000 characters (CVE-2007-4897; bug #454139).
+
+ -- Nico Golde <[EMAIL PROTECTED]> Mon, 03 Dec 2007 13:20:05 +0100
+
pwlib-titan (1.11.2-1) unstable; urgency=low
* New upstream release (unstable branch).
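Review bot: The new 1.11.2-1.1 entry describes the bug but does not say which file carries the fix. Naming debian/patches/CVE-2007-4897.dpatch and the touched source file (src/ptlib/common/contain.cxx) in the bullet would let a reader map the changelog line to the change without opening the diff.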
diff -u pwlib-titan-1.11.2/debian/patches/00list pwlib-titan-1.11.2/debian/patches/00list
--- pwlib-titan-1.11.2/debian/patches/00list
+++ pwlib-titan-1.11.2/debian/patches/00list
@@ -4,0 +5 @@
+CVE-2007-4897
only in patch2:
unchanged:
--- pwlib-titan-1.11.2.orig/debian/patches/CVE-2007-4897.dpatch
+++ pwlib-titan-1.11.2/debian/patches/CVE-2007-4897.dpatch
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## CVE-2007-4897.dpatch by Nico Golde <[EMAIL PROTECTED]>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
[EMAIL PROTECTED]@
+diff -urNad pwlib-1.10.10~/src/ptlib/common/contain.cxx pwlib-1.10.10/src/ptlib/common/contain.cxx
+--- pwlib-1.10.10~/src/ptlib/common/contain.cxx 2005-11-30 13:47:41.000000000 +0100
++++ pwlib-1.10.10/src/ptlib/common/contain.cxx 2007-12-03 13:45:00.000000000 +0100
+@@ -2465,7 +2465,7 @@
+ PAssert(SetSize(2000), POutOfMemory);
+ ::vsprintf(theArray+len, fmt, arg);
+ #else
+- PINDEX size = 0;
++ PINDEX size = len;
+ do {
+ size += 1000;
+ PAssert(SetSize(size), POutOfMemory);
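Review bot: The branch above "#else" is left as it was: the context lines still call SetSize(2000) and then the unbounded ::vsprintf(theArray+len, fmt, arg), so on builds that compile that branch the buffer size still does not take len into account. The preprocessor condition is not visible in this hunk, so either confirm that branch is never built on Debian's targets or size it relative to len as well. Two smaller points: "## DP: No description." is still the template placeholder and should summarise the fix (start size at len so the growth loop accounts for existing content), and the embedded diff headers refer to pwlib-1.10.10 while the package is pwlib-titan-1.11.2, so it is worth checking that the hunk at line 2465 applies to the 1.11.2 source without offset or fuzz.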

