Hi,
I've prepared a NMU to fix CVE-2009-1364 in oldstable, stables, and unstable.
Proposed trivial debdiffs in attachment.
Cheers,
Giuseppe.
diff -u libwmf-0.2.8.4/debian/changelog libwmf-0.2.8.4/debian/changelog
--- libwmf-0.2.8.4/debian/changelog
+++ libwmf-0.2.8.4/debian/changelog
@@ -1,3 +1,11 @@
+libwmf (0.2.8.4-2+etch1) oldstable-security; urgency=high
+
+ * Non-maintainer upload.
+ * Fixed Use-after-free vulnerability in the embedded GD library
+(Closes: #526434) (CVE-2009-1364)
+
+ -- Giuseppe Iuculano giuse...@iuculano.it Wed, 06 May 2009 09:33:49 +0200
+
libwmf (0.2.8.4-2) unstable; urgency=high
* src/player.c: Fix integer overflow vulnerability. [CVE-2006-3376]
only in patch2:
unchanged:
--- libwmf-0.2.8.4.orig/src/extra/gd/gd_clip.c
+++ libwmf-0.2.8.4/src/extra/gd/gd_clip.c
@@ -70,6 +70,7 @@
{ more = gdRealloc (im-clip-list,(im-clip-max + 8) * sizeof
(gdClipRectangle));
if (more == 0) return;
im-clip-max += 8;
+ im-clip-list = more;
}
im-clip-list[im-clip-count] = (*rect);
im-clip-count++;
diffstat for libwmf_0.2.8.4-6 libwmf_0.2.8.4-6+lenny1
libwmf-0.2.8.4/debian/changelog |8
src/extra/gd/gd_clip.c |1 +
2 files changed, 9 insertions(+)
diff -u libwmf-0.2.8.4/debian/changelog libwmf-0.2.8.4/debian/changelog
--- libwmf-0.2.8.4/debian/changelog
+++ libwmf-0.2.8.4/debian/changelog
@@ -1,3 +1,11 @@
+libwmf (0.2.8.4-6.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Fixed Use-after-free vulnerability in the embedded GD library
+(Closes: #526434) (CVE-2009-1364)
+
+ -- Giuseppe Iuculano giuse...@iuculano.it Wed, 06 May 2009 09:19:49 +0200
+
libwmf (0.2.8.4-6) unstable; urgency=low
* Upload to unstable.
only in patch2:
unchanged:
--- libwmf-0.2.8.4.orig/src/extra/gd/gd_clip.c
+++ libwmf-0.2.8.4/src/extra/gd/gd_clip.c
@@ -70,6 +70,7 @@
{ more = gdRealloc (im-clip-list,(im-clip-max + 8) * sizeof
(gdClipRectangle));
if (more == 0) return;
im-clip-max += 8;
+ im-clip-list = more;
}
im-clip-list[im-clip-count] = (*rect);
im-clip-count++;
diffstat for libwmf_0.2.8.4-6 libwmf_0.2.8.4-6+lenny1
libwmf-0.2.8.4/debian/changelog |8
src/extra/gd/gd_clip.c |1 +
2 files changed, 9 insertions(+)
diff -u libwmf-0.2.8.4/debian/changelog libwmf-0.2.8.4/debian/changelog
--- libwmf-0.2.8.4/debian/changelog
+++ libwmf-0.2.8.4/debian/changelog
@@ -1,3 +1,11 @@
+libwmf (0.2.8.4-6+lenny1) stable-security; urgency=high
+
+ * Non-maintainer upload.
+ * Fixed Use-after-free vulnerability in the embedded GD library
+(Closes: #526434) (CVE-2009-1364)
+
+ -- Giuseppe Iuculano giuse...@iuculano.it Wed, 06 May 2009 09:19:49 +0200
+
libwmf (0.2.8.4-6) unstable; urgency=low
* Upload to unstable.
only in patch2:
unchanged:
--- libwmf-0.2.8.4.orig/src/extra/gd/gd_clip.c
+++ libwmf-0.2.8.4/src/extra/gd/gd_clip.c
@@ -70,6 +70,7 @@
{ more = gdRealloc (im-clip-list,(im-clip-max + 8) * sizeof
(gdClipRectangle));
if (more == 0) return;
im-clip-max += 8;
+ im-clip-list = more;
}
im-clip-list[im-clip-count] = (*rect);
im-clip-count++;
signature.asc
Description: OpenPGP digital signature