Your message dated Sat, 27 Apr 2019 11:14:32 +0100
with message-id <[email protected]>
and subject line Closing bugs for updates included in 9.9
has caused the Debian Bug report #919576,
regarding stretch-pu: package ncmpc/0.25-0.1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
919576: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919576
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: [email protected]
Usertags: pu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi
Update fixing CVE-2018-9240 / #894724
Source for this patch are on salsa, branch stretch-pu:
https://salsa.debian.org/kaliko-guest/ncmpc-gbp/tree/stretch-pu
- -------------------------8<-----------------------
+--- a/src/mpdclient.h
++++ b/src/mpdclient.h
+@@ -76,6 +76,9 @@
+ static inline bool
+ mpdclient_finish_command(struct mpdclient *c)
+ {
++ if (!c->connection)
++ return false;
++
+ return mpd_response_finish(c->connection)
+ ? true : mpdclient_handle_error(c);
+ }
- ------------------------->8-----------------------
See attached debdiff.
Cheers
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCgAwFiEEE5yJWkSiFjoTmimKdwOcUqy2lK4FAlxAeJ0SHGthbGlrb0Bh
enlsdW0ub3JnAAoJEHcDnFKstpSuMYQP/ihkQJeHx8oyexwcnLyeYo1NJNPnMJTZ
6fkVMCSrlCtTw43zRDgKTbau6ODIygP8N+mD7eJzXIQmuToO5TkQNaZj1MBAxgMt
PWiNQiJ/Lh/SAmZcGuvUpPMbu/puyiZhJFbMakaZtqoVmIFCnV2zqCMZ5rxM4lRb
mRFyPnpn4bW7aXGSCM6AT1gqOkPpV/jIFvaF4c4wQXQvT67yGdC4NPP5cP8EpdgG
ZJlK89EsWEifGe9vV8qEfUHRO4KN8/FD3KFqYpsiMgQ/a/T6QMnucQqXKnv8xdpr
K9cyZiCn128Jb+a1qGBSKpdBWfw6NcBaDxIpNqb+qu6Coa3pNkrelf+T1Z+pA6lP
8zwola012bn3+HIkWP/BaSpbMO3A2SqU3bZuRZ/ooIbK+bYVQVTNnnoYm3dNjiv5
roP5PcB/TjMA6Tg4VVWyz1qjSZ189bNIkZ7S5aIsg5NGtEB4RjZN9WSYqVL31pki
UO3Ome6/YVtzxQ+msZsXmjP+4/pZZVORDEghtXOkmUhn55GgOZ5i5PVzbNZAV/AN
4EMCpUQmbQ1AWN2apflfa0TfSjTsUWXM8PRp3demxroRwjChhYhcscVK79GS5jUP
0t6wOSebgy47wSSo1ZkJtTJ1LcfexqwTONQs4o6hvHum6GIYUOpSlij7rU0MGbAw
c+DTGh+iG3Ik
=v9xZ
-----END PGP SIGNATURE-----
diff -Nru ncmpc-0.25/debian/changelog ncmpc-0.25/debian/changelog
--- ncmpc-0.25/debian/changelog 2016-10-28 07:05:23.000000000 +0200
+++ ncmpc-0.25/debian/changelog 2019-01-16 12:51:14.000000000 +0100
@@ -1,3 +1,10 @@
+ncmpc (0.25-0.2) stretch; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix CVE-2018-9240 (Closes: #894724)
+
+ -- Geoffroy Youri Berret <[email protected]> Wed, 16 Jan 2019 12:51:14 +0100
+
ncmpc (0.25-0.1) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch
ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch
--- ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch 1970-01-01
01:00:00.000000000 +0100
+++ ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch 2019-01-16
12:51:14.000000000 +0100
@@ -0,0 +1,19 @@
+Description: Fix NULL dereference on long messages
+Author: Jonathan Neuschäfer <[email protected]>
+Origin: https://bugs.debian.org/894724
+Applied-Upstream: v0.30
+Last-Update: 2019-01-16
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/src/mpdclient.h
++++ b/src/mpdclient.h
+@@ -76,6 +76,9 @@
+ static inline bool
+ mpdclient_finish_command(struct mpdclient *c)
+ {
++ if (!c->connection)
++ return false;
++
+ return mpd_response_finish(c->connection)
+ ? true : mpdclient_handle_error(c);
+ }
diff -Nru ncmpc-0.25/debian/patches/series ncmpc-0.25/debian/patches/series
--- ncmpc-0.25/debian/patches/series 2016-10-28 07:05:23.000000000 +0200
+++ ncmpc-0.25/debian/patches/series 2019-01-16 12:51:14.000000000 +0100
@@ -1 +1,2 @@
lirc.patch
+fix-CVE-2018-9240.patch
--- End Message ---
--- Begin Message ---
Version: 9.9
Hi,
The update referenced by each of these bugs was included in this
morning's stretch point release.
Regards,
Adam
--- End Message ---
