severity 560953 important
thanks

Hi,

As the security issue is a DoS issue, that isn't a serious one for this client application, so I'm downgrading the severity. Much better though, is to just fix it, so I've uploaded an NMU of 2.1-5.1 with the fix. Attached is the patch I used.

cheers,
Thijs
diff -u smart-1.2/debian/changelog smart-1.2/debian/changelog --- smart-1.2/debian/changelog +++ smart-1.2/debian/changelog @@ -1,3 +1,11 @@ +smart (1.2-5.1) unstable; urgency=medium + + * Non-maintainer upload by the security team. + * Add 06_CVE-2009-3560 patch to address a minor security issue + (Closes: #560953). + + -- Thijs Kinkhorst <th...@debian.org> Sun, 14 Feb 2010 14:23:15 +0100 + smart (1.2-5) unstable; urgency=low * Add 06_CVE-2009-3720 patch (Closes: #560953) only in patch2: unchanged: --- smart-1.2.orig/debian/patches/06_CVE-2009-3560.patch +++ smart-1.2/debian/patches/06_CVE-2009-3560.patch @@ -0,0 +1,10 @@ +--- smart/util/celementtree/expat/xmlparse.c 2009/09/29 02:49:16 1.164 ++++ smart/util/celementtree/expat/xmlparse.c 2009/11/27 13:34:29 1.165 +@@ -3723,7 +3723,6 @@ + return XML_ERROR_NO_ELEMENTS; + default: + tok = -tok; +- next = end; + break; + } + }
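Review bot: the new 1.2-5.1 entry in debian/changelog describes the fix only as "a minor security issue" and closes #560953, which the 1.2-5 entry directly below it already closes for 06_CVE-2009-3720. State in the entry what the issue is and which file is patched, and say that this upload addresses a second CVE under the same bug, so a reader of the changelog can tell the two fixes apart. The new patch also reuses the 06_ prefix already taken by 06_CVE-2009-3720; if the prefix determines apply order, naming it 07_CVE-2009-3560 would keep the order unambiguous.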
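Review bot: the new debian/patches/06_CVE-2009-3560.patch has no header, and its only change, dropping `next = end;` from the `default:` branch near line 3723 of smart/util/celementtree/expat/xmlparse.c, is not explained anywhere. Add a short description above the `---` line saying where the change comes from (the `---`/`+++` lines carry revision stamps 1.164 and 1.165) and why `next` must not be set to `end` in that branch. Also confirm that the hunk applies to this bundled copy of xmlparse.c at the stated line without offset or fuzz.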