Bug#780101: librest: Invalid pointer dereference

2015-03-09 Thread Ying-Chun Liu (PaulLiu)
Moritz Muehlenhoff wrote on 2015-03-09 18:31:
 Package: librest
 Severity: grave
 Tags: security
 Justification: user security hole
 
 The following fix was identified to be security-relevant:
 https://bugzilla.gnome.org/show_bug.cgi?id=742644
 
 Please see Florian's CVE request for further information:
 http://www.openwall.com/lists/oss-security/2015/03/04/6
 
 Fix:
 https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea038
 
 Cheers,
 Moritz
 

I'll fix this soon.


-- 
PaulLiu (劉穎駿)
E-mail: Ying-Chun Liu (PaulLiu) paul...@debian.org
diff -Nru librest-0.7.92/debian/changelog librest-0.7.92/debian/changelog
--- librest-0.7.92/debian/changelog	2014-10-23 22:40:41.0 +0800
+++ librest-0.7.92/debian/changelog	2015-03-09 21:01:56.0 +0800
@@ -1,3 +1,10 @@
+librest (0.7.92-3) unstable; urgency=medium
+
+  * Add debian/patches/03_fix_invalid_pointer_reference.patch
+- fix invalid pointer dereference (Closes: #780101)
+
+ -- Ying-Chun Liu (PaulLiu) paul...@debian.org  Mon, 09 Mar 2015 21:01:02 +0800
+
 librest (0.7.92-2) unstable; urgency=medium
 
   * Add debian/patches/02_thread-tests-sleep-for-server-to-start.patch
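
Review bot: The new changelog entry keeps urgency=medium, although the bug it closes is filed with Severity: grave and Tags: security; consider urgency=high for this upload. The sub-item "fix invalid pointer dereference (Closes: #780101)" could also reference the upstream bug or the CVE request linked in the report, so the security nature of the change is visible from the changelog alone.
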
diff -Nru librest-0.7.92/debian/patches/03_fix_invalid_pointer_reference.patch librest-0.7.92/debian/patches/03_fix_invalid_pointer_reference.patch
--- librest-0.7.92/debian/patches/03_fix_invalid_pointer_reference.patch	1970-01-01 08:00:00.0 +0800
+++ librest-0.7.92/debian/patches/03_fix_invalid_pointer_reference.patch	2015-03-09 21:00:57.0 +0800
@@ -0,0 +1,18 @@
+From: Christophe Fergeau cferg...@redhat.com
+Description: oauth: Add missing include
+ This fixes a compilation warning about a missing prototype. 
+Origin: upstream, https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea038
+Bug: https://bugzilla.gnome.org/show_bug.cgi?id=742644
+Bug-Debian: https://bugs.debian.org/780101
+Index: librest-0.7.92/rest/oauth-proxy-call.c
+===
+--- librest-0.7.92.orig/rest/oauth-proxy-call.c
 librest-0.7.92/rest/oauth-proxy-call.c
+@@ -25,6 +25,7 @@
+ #include rest/rest-proxy-call.h
+ #include oauth-proxy-call.h
+ #include oauth-proxy-private.h
++#include rest-proxy-call-private.h
+ #include sha1.h
+ 
+ G_DEFINE_TYPE (OAuthProxyCall, oauth_proxy_call, REST_TYPE_PROXY_CALL)
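
Review bot: The Description in the new patch header only says it fixes a compilation warning about a missing prototype, while the changelog and the bug title call this an invalid pointer dereference fix. Add a sentence to the Description stating how the missing include of rest-proxy-call-private.h relates to that dereference, so the security relevance is clear to someone reading the patch file on its own. The file name also says "pointer_reference" where the changelog says "dereference"; using the same term in both would avoid confusion.
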
diff -Nru librest-0.7.92/debian/patches/series librest-0.7.92/debian/patches/series
--- librest-0.7.92/debian/patches/series	2014-10-23 22:30:42.0 +0800
+++ librest-0.7.92/debian/patches/series	2015-03-09 20:56:35.0 +0800
@@ -1,2 +1,3 @@
 01_disable-network-tests.patch
 02_thread-tests-sleep-for-server-to-start.patch
+03_fix_invalid_pointer_reference.patch




Bug#780101: librest: Invalid pointer dereference

2015-03-09 Thread Moritz Muehlenhoff
Package: librest
Severity: grave
Tags: security
Justification: user security hole

The following fix was identified to be security-relevant:
https://bugzilla.gnome.org/show_bug.cgi?id=742644

Please see Florian's CVE request for further information:
http://www.openwall.com/lists/oss-security/2015/03/04/6

Fix:
https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea038

Cheers,
Moritz

