Moritz Muehlenhoff wrote on 2015-03-09 18:31:
> Package: librest
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> The following fix was identified to be security-relevant:
> https://bugzilla.gnome.org/show_bug.cgi?id=742644
> 
> Please see Florian's CVE request for further information:
> http://www.openwall.com/lists/oss-security/2015/03/04/6
> 
> Fix:
> https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea038
> 
> Cheers,
>         Moritz
> 

I'll fix this soon.


-- 
                                PaulLiu (劉穎駿)
E-mail: Ying-Chun Liu (PaulLiu) <[email protected]>
diff -Nru librest-0.7.92/debian/changelog librest-0.7.92/debian/changelog
--- librest-0.7.92/debian/changelog	2014-10-23 22:40:41.000000000 +0800
+++ librest-0.7.92/debian/changelog	2015-03-09 21:01:56.000000000 +0800
@@ -1,3 +1,10 @@
+librest (0.7.92-3) unstable; urgency=medium
+
+  * Add debian/patches/03_fix_invalid_pointer_reference.patch
+    - fix invalid pointer dereference (Closes: #780101)
+
+ -- Ying-Chun Liu (PaulLiu) <[email protected]>  Mon, 09 Mar 2015 21:01:02 +0800
+
 librest (0.7.92-2) unstable; urgency=medium
 
   * Add debian/patches/02_thread-tests-sleep-for-server-to-start.patch
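
Review bot: the new 0.7.92-3 entry uses urgency=medium although the bug it closes was filed with severity grave and tagged security; consider urgency=high so the fix reaches users sooner. The entry text says "fix invalid pointer dereference" while the patch file is named 03_fix_invalid_pointer_reference.patch; using "dereference" in the file name too would keep the two consistent. Since a CVE has been requested, adding the identifier to this entry once it is assigned would help security tracking.
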
diff -Nru librest-0.7.92/debian/patches/03_fix_invalid_pointer_reference.patch librest-0.7.92/debian/patches/03_fix_invalid_pointer_reference.patch
--- librest-0.7.92/debian/patches/03_fix_invalid_pointer_reference.patch	1970-01-01 08:00:00.000000000 +0800
+++ librest-0.7.92/debian/patches/03_fix_invalid_pointer_reference.patch	2015-03-09 21:00:57.000000000 +0800
@@ -0,0 +1,18 @@
+From: Christophe Fergeau <[email protected]>
+Description: oauth: Add missing include
+ This fixes a compilation warning about a missing prototype. 
+Origin: upstream, https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea038
+Bug: https://bugzilla.gnome.org/show_bug.cgi?id=742644
+Bug-Debian: https://bugs.debian.org/780101
+Index: librest-0.7.92/rest/oauth-proxy-call.c
+===================================================================
+--- librest-0.7.92.orig/rest/oauth-proxy-call.c
++++ librest-0.7.92/rest/oauth-proxy-call.c
+@@ -25,6 +25,7 @@
+ #include <rest/rest-proxy-call.h>
+ #include "oauth-proxy-call.h"
+ #include "oauth-proxy-private.h"
++#include "rest-proxy-call-private.h"
+ #include "sha1.h"
+ 
+ G_DEFINE_TYPE (OAuthProxyCall, oauth_proxy_call, REST_TYPE_PROXY_CALL)
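
Review bot: the Description in the patch header only says the change "fixes a compilation warning about a missing prototype", which gives a reader of debian/patches no hint that it closes a grave security bug, while the changelog calls the same change an invalid pointer dereference fix. Extend the long description with a sentence that connects the two, naming the function whose prototype rest-proxy-call-private.h supplies and why calling it without a declaration ends in an invalid pointer. The description line also carries a trailing space after "prototype.".
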
diff -Nru librest-0.7.92/debian/patches/series librest-0.7.92/debian/patches/series
--- librest-0.7.92/debian/patches/series	2014-10-23 22:30:42.000000000 +0800
+++ librest-0.7.92/debian/patches/series	2015-03-09 20:56:35.000000000 +0800
@@ -1,2 +1,3 @@
 01_disable-network-tests.patch
 02_thread-tests-sleep-for-server-to-start.patch
+03_fix_invalid_pointer_reference.patch
