Bug#779863: marked as done (unblock: bibtool/2.57+ds-3)

Thu, 05 Mar 2015 13:24:36 -0800 

Your message dated Thu, 05 Mar 2015 22:20:48 +0100
with message-id <[email protected]>
and subject line Re: Bug#779863: unblock: bibtool/2.57+ds-3
has caused the Debian Bug report #779863,
regarding unblock: bibtool/2.57+ds-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
779863: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779863
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock

Please unblock package bibtool. It fixes a buffer overflow w/o
CVE ID.

unblock bibtool/2.57+ds-3

debdiff:

diff -Nru bibtool-2.57+ds/debian/changelog bibtool-2.57+ds/debian/changelog
--- bibtool-2.57+ds/debian/changelog    2014-10-22 01:46:28.000000000 +0200
+++ bibtool-2.57+ds/debian/changelog    2015-03-04 13:13:27.000000000 +0100
@@ -1,3 +1,9 @@
+bibtool (2.57+ds-3) unstable; urgency=medium
+
+  * buffer overflow security fix (Closes: #779573).
+
+ -- Jerome Benoit <[email protected]>  Wed, 04 Mar 2015 07:28:23 +0000
+
 bibtool (2.57+ds-2) unstable; urgency=medium
 
   * fix location of documentation for texdoc
diff -Nru bibtool-2.57+ds/debian/gbp.conf bibtool-2.57+ds/debian/gbp.conf
--- bibtool-2.57+ds/debian/gbp.conf     1970-01-01 01:00:00.000000000 +0100
+++ bibtool-2.57+ds/debian/gbp.conf     2015-03-04 13:13:27.000000000 +0100
@@ -0,0 +1,2 @@
+[DEFAULT]
+debian-branch=jessie
diff -Nru 
bibtool-2.57+ds/debian/patches/security_fix-heap_buffer_overflow.patch 
bibtool-2.57+ds/debian/patches/security_fix-heap_buffer_overflow.patch
--- bibtool-2.57+ds/debian/patches/security_fix-heap_buffer_overflow.patch      
1970-01-01 01:00:00.000000000 +0100
+++ bibtool-2.57+ds/debian/patches/security_fix-heap_buffer_overflow.patch      
2015-03-04 13:13:27.000000000 +0100
@@ -0,0 +1,31 @@
+Description: security fix: heap buffer overflow
+ Minimal version extracted by hand from uptream commits
+ c6ed92c556f28ca2c738972c647486f9e11424bf
+ and f23adeeb58e64a9e73b0f38c87684a2ce488feed
+ at https://github.com/ge-ne/bibtool/.
+Origin: upstream maintainer
+Author: Gerd Neugebauer <[email protected]>
+Last-Update: 2015-03-04
+
+--- a/print.c
++++ b/print.c
+@@ -269,7 +269,7 @@
+         save_ptr = s;                            /*                        */
+                                                  /*                        */
+       for(ptr = s;                               /* Search next newline    */
+-          ptr <= save_ptr && *ptr != '\n';       /*  or end of region      */
++          ptr < save_ptr && *ptr != '\n';        /*  or end of region      */
+           ptr++) {}                              /*                        */
+                                                  /*                        */
+       if ( *ptr == '\n' )                        /*                        */
+--- a/rewrite.c
++++ b/rewrite.c
+@@ -304,7 +304,7 @@
+     DebugPrint2("field   = ",field);             /*                        */
+     (void)SParseSkip(&s);                        /*                        */
+                                                  /*                        */
+-    if ( stackp > stacksize )                    /*                        */
++    if ( stackp >= stacksize )                           /*                   
     */
+     { stacksize += 8;                            /*                        */
+       if ( (stack=(Uchar**)realloc((char*)stack,   /*                        
*/
+                                 stacksize*sizeof(char*)))==NULL)/*         */
diff -Nru bibtool-2.57+ds/debian/patches/series 
bibtool-2.57+ds/debian/patches/series
--- bibtool-2.57+ds/debian/patches/series       2014-10-22 01:46:28.000000000 
+0200
+++ bibtool-2.57+ds/debian/patches/series       2015-03-04 13:13:27.000000000 
+0100
@@ -1,3 +1,4 @@
+security_fix-heap_buffer_overflow.patch
 cleanup-upstream.patch
 rationalization-upstream-doc.patch
 secure-upstream-doc.patch


-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

--- End Message ---
--- Begin Message --- 
On 2015-03-05 18:59, Moritz Muehlenhoff wrote:
> Package: release.debian.org
> Severity: normal
> User: [email protected]
> Usertags: unblock
> 
> Please unblock package bibtool. It fixes a buffer overflow w/o
> CVE ID.
> 
> unblock bibtool/2.57+ds-3
> 
> debdiff:
> 
> [...]

Unblocked, thanks.

~Niels

--- End Message ---

Reply via email to