Hi, attached is the debdiff I used for DSA and DTSA.
Cheers, Giuseppe.
diff -u netpbm-free-10.0/debian/changelog netpbm-free-10.0/debian/changelog --- netpbm-free-10.0/debian/changelog +++ netpbm-free-10.0/debian/changelog @@ -1,3 +1,11 @@ +netpbm-free (2:10.0-12.1+squeeze1) testing-security; urgency=high + + * Non-maintainer upload by the Security Team. + * Fixed CVE-2009-4274: Stack-based buffer overflow by processing X PixMap + image header fields (Closes: #569060) + + -- Giuseppe Iuculano <[email protected]> Fri, 02 Apr 2010 11:27:22 +0200 + netpbm-free (2:10.0-12.1) unstable; urgency=low [Jari Aalto] diff -u netpbm-free-10.0/ppm/xpmtoppm.c netpbm-free-10.0/ppm/xpmtoppm.c --- netpbm-free-10.0/ppm/xpmtoppm.c +++ netpbm-free-10.0/ppm/xpmtoppm.c @@ -152,7 +152,7 @@ getNumber(char * const p, unsigned int const size) { unsigned int retval; - char * q; + unsigned char * q; retval = 0; for (q = p; q < p+size; ++q) @@ -454,7 +454,8 @@ char line[MAX_LINE+1], str1[MAX_LINE+1], str2[MAX_LINE+1]; char *t1; char *t2; - int format, v; + int format; + unsigned int v; int i, j; bool processedStaticChar; /* We have read up to and interpreted the "static char..." line */
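Review bot: In the getNumber hunk of ppm/xpmtoppm.c (@@ -152,7 +152,7 @@), q becomes `unsigned char *` while the parameter stays `char * const p`, so the unchanged loop header `for (q = p; q < p+size; ++q)` now assigns and compares pointers of different signedness, which compilers report as a pointer-sign mismatch. Either cast explicitly in the loop header, e.g. `q = (unsigned char *)p` and `q < (unsigned char *)p + size`, or change the parameter type so the whole function works on unsigned bytes. A one-line comment saying why the bytes must be read as unsigned would also help the next reader.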
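Review bot: In the second ppm/xpmtoppm.c hunk (@@ -454,7 +454,8 @@), `v` is now `unsigned int` while `format`, `i` and `j` in the same declaration block stay `int`, and the hunk shows only the declaration. Please confirm that every scanf-style conversion that stores into v uses `%u` rather than `%d`, and that comparisons between v and the signed `i`/`j` do not depend on implicit conversion. Changing the type alone does not bound the value, so an explicit upper-limit check on v before it is used, with a comment referencing CVE-2009-4274, would make the fix self-documenting.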

