Your message dated Mon, 21 Jan 2013 09:18:51 +0000
with message-id <[email protected]>
and subject line Re: Bug#698619: unblock: swath/0.4.3-3
has caused the Debian Bug report #698619,
regarding unblock: swath/0.4.3-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
698619: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698619
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock

Please unblock package swath

It fixes a potential security hole.
(The security team has been contacted for a stable version fix.)

The debdiff has been attached for your review.

unblock swath/0.4.3-3

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=th_TH.utf8, LC_CTYPE=th_TH.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru swath-0.4.3/debian/changelog swath-0.4.3/debian/changelog
--- swath-0.4.3/debian/changelog        2012-08-10 17:54:12.000000000 +0700
+++ swath-0.4.3/debian/changelog        2013-01-16 22:42:14.000000000 +0700
@@ -1,3 +1,12 @@
+swath (0.4.3-3) unstable; urgency=medium
+
+  * Urgency medium for security fix.
+  * debian/patches/01_buffer-overflow.patch: backport patch from upstream
+    to fix potential buffer overflow in Mule mode.
+    Thanks Dominik Maier for the report. (Closes: #698189)
+
+ -- Theppitak Karoonboonyanan <[email protected]>  Wed, 16 Jan 2013 22:34:04 
+0700
+
 swath (0.4.3-2) unstable; urgency=low
 
   * Build with xz compression.
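
Review bot: The new 0.4.3-3 entry describes the fix only as a "potential buffer overflow in Mule mode" and does not say where the overflow is. The attached patch touches a single file, src/wordseg.cpp, and removes a strcpy into a fixed-size buffer, so naming that file and the unbounded copy in the entry would make it easier to match this upload against the stable fix mentioned in the request.
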
diff -Nru swath-0.4.3/debian/patches/01_buffer-overflow.patch 
swath-0.4.3/debian/patches/01_buffer-overflow.patch
--- swath-0.4.3/debian/patches/01_buffer-overflow.patch 1970-01-01 
07:00:00.000000000 +0700
+++ swath-0.4.3/debian/patches/01_buffer-overflow.patch 2013-01-16 
22:42:14.000000000 +0700
@@ -0,0 +1,22 @@
+Author: Theppitak Karoonboonyanan <[email protected]>
+Description: Fix potential buffer overflow
+Origin: backport, 
http://linux.thai.net/websvn/wsvn/software.swath/trunk?op=revision&rev=238&peg=238
+Bug-Debian: http://bugs.debian.org/698189
+
+Index: swath/src/wordseg.cpp
+===================================================================
+--- swath.orig/src/wordseg.cpp 2012-02-08 15:45:57.893937559 +0700
++++ swath/src/wordseg.cpp      2013-01-16 22:08:29.341085326 +0700
+@@ -282,11 +282,7 @@
+     }
+   else
+     {
+-      char stopstr[20];
+-      if (muleMode)
+-        strcpy (stopstr, wbr);
+-      else
+-        stopstr[0] = '\0';
++      const char *stopstr = muleMode ? wbr : "";
+       for (;;)
+         {                       // read until end of file.
+           if (mode == 0)
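
Review bot: In the added line `const char *stopstr = muleMode ? wbr : "";`, stopstr now aliases wbr instead of holding its own copy, so the change is safe only if wbr is neither modified nor freed while the `for (;;)` loop that follows is running. The const qualifier stops writes through stopstr at compile time, but the lifetime of wbr is not visible in this hunk and should be confirmed against the rest of wordseg.cpp. The Description field would also be more useful if it stated the cause shown in the removed lines: strcpy of wbr into the 20-byte stopstr array with no length check.
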
diff -Nru swath-0.4.3/debian/patches/series swath-0.4.3/debian/patches/series
--- swath-0.4.3/debian/patches/series   1970-01-01 07:00:00.000000000 +0700
+++ swath-0.4.3/debian/patches/series   2013-01-16 22:42:14.000000000 +0700
@@ -0,0 +1 @@
+01_buffer-overflow.patch

--- End Message ---
--- Begin Message ---
On 21.01.2013 09:07, Theppitak Karoonboonyanan wrote:
> Please unblock package swath
>
> It fixes a potential security hole.

Unblocked; thanks.

Regards,

Adam

--- End Message ---
