Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Please unblock package bibtool. It fixes a buffer overflow w/o CVE ID. unblock bibtool/2.57+ds-3 debdiff: diff -Nru bibtool-2.57+ds/debian/changelog bibtool-2.57+ds/debian/changelog --- bibtool-2.57+ds/debian/changelog 2014-10-22 01:46:28.000000000 +0200 +++ bibtool-2.57+ds/debian/changelog 2015-03-04 13:13:27.000000000 +0100 @@ -1,3 +1,9 @@ +bibtool (2.57+ds-3) unstable; urgency=medium + + * buffer overflow security fix (Closes: #779573). + + -- Jerome Benoit <[email protected]> Wed, 04 Mar 2015 07:28:23 +0000 + bibtool (2.57+ds-2) unstable; urgency=medium * fix location of documentation for texdoc diff -Nru bibtool-2.57+ds/debian/gbp.conf bibtool-2.57+ds/debian/gbp.conf --- bibtool-2.57+ds/debian/gbp.conf 1970-01-01 01:00:00.000000000 +0100 +++ bibtool-2.57+ds/debian/gbp.conf 2015-03-04 13:13:27.000000000 +0100 @@ -0,0 +1,2 @@ +[DEFAULT] +debian-branch=jessie diff -Nru bibtool-2.57+ds/debian/patches/security_fix-heap_buffer_overflow.patch bibtool-2.57+ds/debian/patches/security_fix-heap_buffer_overflow.patch --- bibtool-2.57+ds/debian/patches/security_fix-heap_buffer_overflow.patch 1970-01-01 01:00:00.000000000 +0100 +++ bibtool-2.57+ds/debian/patches/security_fix-heap_buffer_overflow.patch 2015-03-04 13:13:27.000000000 +0100 
@@ -0,0 +1,31 @@ +Description: security fix: heap buffer overflow + Minimal version extracted by hand from uptream commits + c6ed92c556f28ca2c738972c647486f9e11424bf + and f23adeeb58e64a9e73b0f38c87684a2ce488feed + at https://github.com/ge-ne/bibtool/. +Origin: upstream maintainer +Author: Gerd Neugebauer <[email protected]> +Last-Update: 2015-03-04 + +--- a/print.c ++++ b/print.c +@@ -269,7 +269,7 @@ + save_ptr = s; /* */ + /* */ + for(ptr = s; /* Search next newline */ +- ptr <= save_ptr && *ptr != '\n'; /* or end of region */ ++ ptr < save_ptr && *ptr != '\n'; /* or end of region */ + ptr++) {} /* */ + /* */ + if ( *ptr == '\n' ) /* */ +--- a/rewrite.c ++++ b/rewrite.c +@@ -304,7 +304,7 @@ + DebugPrint2("field = ",field); /* */ + (void)SParseSkip(&s); /* */ + /* */ +- if ( stackp > stacksize ) /* */ ++ if ( stackp >= stacksize ) /* */ + { stacksize += 8; /* */ + if ( (stack=(Uchar**)realloc((char*)stack, /* */ + stacksize*sizeof(char*)))==NULL)/* */ diff -Nru bibtool-2.57+ds/debian/patches/series bibtool-2.57+ds/debian/patches/series --- bibtool-2.57+ds/debian/patches/series 2014-10-22 01:46:28.000000000 +0200 +++ bibtool-2.57+ds/debian/patches/series 2015-03-04 13:13:27.000000000 +0100 @@ -1,3 +1,4 @@ +security_fix-heap_buffer_overflow.patch cleanup-upstream.patch rationalization-upstream-doc.patch secure-upstream-doc.patch -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
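Review bot: the debian/changelog entry for 2.57+ds-3 lists only "buffer overflow security fix (Closes: #779573)", but the same debdiff also adds debian/gbp.conf with `debian-branch=jessie`, which the entry does not mention. For an unblock review every change in the upload should be accounted for, so add a changelog line for the new gbp.conf and name the patch file (security_fix-heap_buffer_overflow.patch) so the fix can be traced from the changelog to debian/patches.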
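Review bot: in the print.c region of security_fix-heap_buffer_overflow.patch, the context line `save_ptr = s;` sits directly above a loop that starts at `ptr = s`, so with the new bound `ptr < save_ptr` the condition is already false on entry and the newline search never advances. The following `if ( *ptr == '\n' )` then only inspects the byte at `s`. That does stop the read one past `save_ptr` that `<=` allowed, but it would be worth a sentence in the patch Description confirming that an effectively empty loop matches the upstream commits, since the comment still says "Search next newline".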
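Review bot: in the rewrite.c region, the growth path guarded by the corrected `stackp >= stacksize` check assigns the `realloc` result straight back to `stack` and sizes the request with `sizeof(char*)` while the cast is `Uchar**`. The comparison fix itself is right (an index equal to `stacksize` is one slot past the end), but the visible lines do not show what happens after the `==NULL` test; if that path does anything other than abort, the original buffer is lost. Consider `sizeof(*stack)` and a temporary for the `realloc` result, or note in the patch header that this was left as upstream has it to keep the change minimal.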

