Moritz Muehlenhoff wrote on 2015-03-09 18:31:
Package: librest
Severity: grave
Tags: security
Justification: user security hole
The following fix was identified to be security-relevant:
https://bugzilla.gnome.org/show_bug.cgi?id=742644
Please see Florian's CVE request for further information:
http://www.openwall.com/lists/oss-security/2015/03/04/6
Fix:
https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea038
Cheers,
Moritz
I'll fix this soon.
--
PaulLiu (劉穎駿)
E-mail: Ying-Chun Liu (PaulLiu) paul...@debian.org
diff -Nru librest-0.7.92/debian/changelog librest-0.7.92/debian/changelog
--- librest-0.7.92/debian/changelog 2014-10-23 22:40:41.0 +0800
+++ librest-0.7.92/debian/changelog 2015-03-09 21:01:56.0 +0800
@@ -1,3 +1,10 @@
+librest (0.7.92-3) unstable; urgency=medium
+
+ * Add debian/patches/03_fix_invalid_pointer_reference.patch
+- fix invalid pointer dereference (Closes: #780101)
+
+ -- Ying-Chun Liu (PaulLiu) paul...@debian.org Mon, 09 Mar 2015 21:01:02 +0800
+
librest (0.7.92-2) unstable; urgency=medium
* Add debian/patches/02_thread-tests-sleep-for-server-to-start.patch
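Review bot: In the new 0.7.92-3 entry, urgency=medium looks low for a bug that was filed with Severity: grave and Tags: security; consider urgency=high so the fix migrates sooner. The entry also describes the change only as "fix invalid pointer dereference"; once the CVE request referenced in the bug report has been assigned an identifier, add it to this entry so the upload can be matched to the advisory.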
diff -Nru librest-0.7.92/debian/patches/03_fix_invalid_pointer_reference.patch librest-0.7.92/debian/patches/03_fix_invalid_pointer_reference.patch
--- librest-0.7.92/debian/patches/03_fix_invalid_pointer_reference.patch 1970-01-01 08:00:00.0 +0800
+++ librest-0.7.92/debian/patches/03_fix_invalid_pointer_reference.patch 2015-03-09 21:00:57.0 +0800
@@ -0,0 +1,18 @@
+From: Christophe Fergeau cferg...@redhat.com
+Description: oauth: Add missing include
+ This fixes a compilation warning about a missing prototype.
+Origin: upstream, https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea038
+Bug: https://bugzilla.gnome.org/show_bug.cgi?id=742644
+Bug-Debian: https://bugs.debian.org/780101
+Index: librest-0.7.92/rest/oauth-proxy-call.c
+===
+--- librest-0.7.92.orig/rest/oauth-proxy-call.c
librest-0.7.92/rest/oauth-proxy-call.c
+@@ -25,6 +25,7 @@
+ #include rest/rest-proxy-call.h
+ #include oauth-proxy-call.h
+ #include oauth-proxy-private.h
++#include rest-proxy-call-private.h
+ #include sha1.h
+
+ G_DEFINE_TYPE (OAuthProxyCall, oauth_proxy_call, REST_TYPE_PROXY_CALL)
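Review bot: The Description field in the header of the new patch file says only that the change fixes "a compilation warning about a missing prototype", while the changelog entry in the same upload calls it an invalid pointer dereference fix. Add a sentence to the Description stating the security impact, so that someone reading debian/patches/ on its own can tell why this one-line include in rest/oauth-proxy-call.c is being carried as a security patch.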
diff -Nru librest-0.7.92/debian/patches/series librest-0.7.92/debian/patches/series
--- librest-0.7.92/debian/patches/series 2014-10-23 22:30:42.0 +0800
+++ librest-0.7.92/debian/patches/series 2015-03-09 20:56:35.0 +0800
@@ -1,2 +1,3 @@
01_disable-network-tests.patch
02_thread-tests-sleep-for-server-to-start.patch
+03_fix_invalid_pointer_reference.patch
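Review bot: The added series entry is named 03_fix_invalid_pointer_reference.patch, but the changelog describes the fix as an invalid pointer "dereference". Rename the patch file and update this entry and the changelog line so the three agree.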