Hi,
I uploaded an NMU of your package.
Please see this as help to get the package into a releasable condition for
etch.
Please find the diff I used below.
Cheers,
Andi
diff -Nur ../vlc-0.8.6-svn20061012.debian~~/debian/changelog
../vlc-0.8.6-svn20061012.debian/debian/changelog
--- ../vlc-0.8.6-svn20061012.debian~~/debian/changelog 2006-12-23
19:18:21.000000000 +0000
+++ ../vlc-0.8.6-svn20061012.debian/debian/changelog 2007-01-06
23:08:27.000000000 +0000
@@ -1,3 +1,11 @@
+vlc (0.8.6-svn20061012.debian-1.2) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Fix format string vulnerability with patch
+ MOAB-02-01-2007-CVE-2007-0017.patch, CVE-2007-0017. Closes: #405425
+
+ -- Andreas Barth <[EMAIL PROTECTED]> Sat, 6 Jan 2007 23:07:51 +0000
+
vlc (0.8.6-svn20061012.debian-1.1) unstable; urgency=high
* Non-maintainer upload.
diff -Nur
../vlc-0.8.6-svn20061012.debian~~/debian/patches/MOAB-02-01-2007-CVE-2007-0017.patch
../vlc-0.8.6-svn20061012.debian/debian/patches/MOAB-02-01-2007-CVE-2007-0017.patch
---
../vlc-0.8.6-svn20061012.debian~~/debian/patches/MOAB-02-01-2007-CVE-2007-0017.patch
1970-01-01 00:00:00.000000000 +0000
+++
../vlc-0.8.6-svn20061012.debian/debian/patches/MOAB-02-01-2007-CVE-2007-0017.patch
2007-01-03 15:55:03.000000000 +0000
@@ -0,0 +1,68 @@
+diff -ru vlc-0.8.6.orig/modules/access/cdda/access.c
vlc-0.8.6/modules/access/cdda/access.c
+--- vlc-0.8.6.orig/modules/access/cdda/access.c 2007-01-03
10:01:09.000000000 +0100
++++ vlc-0.8.6/modules/access/cdda/access.c 2007-01-03 10:02:45.000000000
+0100
+@@ -89,17 +89,17 @@
+ case CDIO_LOG_DEBUG:
+ case CDIO_LOG_INFO:
+ if (p_cdda->i_debug & INPUT_DBG_CDIO)
+- msg_Dbg( p_cdda_input, message);
++ msg_Dbg( p_cdda_input, "%s", message);
+ break;
+ case CDIO_LOG_WARN:
+- msg_Warn( p_cdda_input, message);
++ msg_Warn( p_cdda_input, "%s", message);
+ break;
+ case CDIO_LOG_ERROR:
+ case CDIO_LOG_ASSERT:
+- msg_Err( p_cdda_input, message);
++ msg_Err( p_cdda_input, "%s", message);
+ break;
+ default:
+- msg_Warn( p_cdda_input, message,
++ msg_Warn( p_cdda_input, "%s\n%s %d", message,
+ "the above message had unknown cdio log level",
+ level);
+ }
+diff -ru vlc-0.8.6.orig/modules/access/vcdx/access.c
vlc-0.8.6/modules/access/vcdx/access.c
+--- vlc-0.8.6.orig/modules/access/vcdx/access.c 2007-01-03
10:01:10.000000000 +0100
++++ vlc-0.8.6/modules/access/vcdx/access.c 2007-01-03 10:01:52.000000000
+0100
+@@ -92,17 +92,17 @@
+ case CDIO_LOG_DEBUG:
+ case CDIO_LOG_INFO:
+ if (p_vcdplayer->i_debug & INPUT_DBG_CDIO)
+- msg_Dbg( p_vcd_access, message);
++ msg_Dbg( p_vcd_access, "%s", message);
+ break;
+ case CDIO_LOG_WARN:
+- msg_Warn( p_vcd_access, message);
++ msg_Warn( p_vcd_access, "%s", message);
+ break;
+ case CDIO_LOG_ERROR:
+ case CDIO_LOG_ASSERT:
+- msg_Err( p_vcd_access, message);
++ msg_Err( p_vcd_access, "%s", message);
+ break;
+ default:
+- msg_Warn( p_vcd_access, message,
++ msg_Warn( p_vcd_access, "%s\n%s %d", message,
+ _("The above message had unknown log level"),
+ level);
+ }
+@@ -118,14 +118,14 @@
+ case VCD_LOG_DEBUG:
+ case VCD_LOG_INFO:
+ if (p_vcdplayer->i_debug & INPUT_DBG_VCDINFO)
+- msg_Dbg( p_vcd_access, message);
++ msg_Dbg( p_vcd_access, "%s", message);
+ break;
+ case VCD_LOG_WARN:
+- msg_Warn( p_vcd_access, message);
++ msg_Warn( p_vcd_access, "%s", message);
+ break;
+ case VCD_LOG_ERROR:
+ case VCD_LOG_ASSERT:
+- msg_Err( p_vcd_access, message);
++ msg_Err( p_vcd_access, "%s", message);
+ break;
+ default:
+ msg_Warn( p_vcd_access, "%s\n%s %d", message,
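Review bot: Nothing in the three patched log handlers (one in cdda/access.c, two in vcdx/access.c, all starting and ending outside the nested hunks) records why `message` must never be used as the format argument, so the same mistake can come back the next time these switches are edited. I would add a comment above each switch such as `/* message comes from the library log callback and may contain '%': pass it as an argument, never as the format */`. The patch fixes only the call sites it lists; whether other msg_Dbg/msg_Warn/msg_Err callers pass a non-literal format is not visible here, and a build with `-Wformat -Wformat-security` would presumably flag them if the msg_* functions carry a printf format attribute. In the cdda default branch the explanatory string is a bare literal while the vcdx one is wrapped in `_()`; passing it as a `%s` argument is right in both cases, since a translated string then cannot introduce conversions of its own.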
diff -Nur ../vlc-0.8.6-svn20061012.debian~~/debian/patches/series
../vlc-0.8.6-svn20061012.debian/debian/patches/series
--- ../vlc-0.8.6-svn20061012.debian~~/debian/patches/series 2006-12-12
14:00:25.000000000 +0000
+++ ../vlc-0.8.6-svn20061012.debian/debian/patches/series 2007-01-06
23:07:30.000000000 +0000
@@ -5,3 +5,4 @@
020_dejavu_font.diff
020_notify.diff
020_certificates_paths.diff
+MOAB-02-01-2007-CVE-2007-0017.patch
--
http://home.arcor.de/andreas-barth/