On Fri, Feb 20, 2009 at 6:35 AM, otzenpunk <[email protected]> wrote: > I'm afraid, but I that doesn't seem to work. (hardy-fix.debdiff) > > ~/src/roundcube-0.1~rc2$ patch -p1 < ../hardy-fix.debdiff > patching file debian/control > patching file debian/changelog > patching file debian/control.in > patching file debian/patches/series > patching file debian/patches/cve-2008-5619.patch > patching file debian/patches/cve-2008-5620.patch > ~/src/roundcube-0.1~rc2$ > > I suspect, that the mistake has something to do with those additional > plus signs at the beginning of each line: > > +--- roundcube-0.1.1.orig/program/lib/html2text.inc 2009-02-19 > 23:54:37.000000000 -0500 > ++++ /dev/null 1970-01-01 00:00:00.000000000 +0000 > +@@ -1,451 +0,0 @@ > +-<?php > +- > > I also don't understand the references to /dev/null. > +-/************************************************************************* > +-* * > +- > .... > > -- > CVE-2008-5620- Roundcube vulnerable and actively exploited > https://bugs.launchpad.net/bugs/316550 > You received this bug notification because you are a direct subscriber > of the bug. >
Those are are patches to the Ubuntu source packages. The packages use a patch system (quilt) for patching the upstream source. The source isn't being patched directly. It is done at build time. -- CVE-2008-5620- Roundcube vulnerable and actively exploited https://bugs.launchpad.net/bugs/316550 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
