Package: release.debian.org Severity: normal Tags: stretch User: release.debian....@packages.debian.org Usertags: pu
Hi, Please approve the following update for stretch fixing a CVE: diff -Nru csync2-2.0-8-g175a01c/debian/changelog csync2-2.0-8-g175a01c/debian/changelog --- csync2-2.0-8-g175a01c/debian/changelog 2016-10-23 15:38:46.000000000 +0200 +++ csync2-2.0-8-g175a01c/debian/changelog 2020-04-05 15:26:41.000000000 +0200 @@ -1,3 +1,9 @@ +csync2 (2.0-8-g175a01c-4+deb9u1) stretch; urgency=medium + + * Add patch for CVE-2019-15522 (Closes: #955445) + + -- Valentin Vidic <vvi...@debian.org> Sun, 05 Apr 2020 15:26:41 +0200 + csync2 (2.0-8-g175a01c-4) unstable; urgency=medium [ Christoph Berg ] diff -Nru csync2-2.0-8-g175a01c/debian/patches/CVE-2019-15522.patch csync2-2.0-8-g175a01c/debian/patches/CVE-2019-15522.patch --- csync2-2.0-8-g175a01c/debian/patches/CVE-2019-15522.patch 1970-01-01 01:00:00.000000000 +0100 +++ csync2-2.0-8-g175a01c/debian/patches/CVE-2019-15522.patch 2020-04-05 15:25:58.000000000 +0200 @@ -0,0 +1,21 @@ +From 0ecfc333da51575f188dd7cf6ac4974d13a800b1 Mon Sep 17 00:00:00 2001 +From: Malte Kraus <malte.kr...@suse.com> +Date: Tue, 13 Aug 2019 11:25:57 +0200 +Subject: [PATCH] fail HELLO command when SSL is required + +--- + daemon.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/daemon.c b/daemon.c +index 2d8407d..2a1a8af 100644 +--- a/daemon.c ++++ b/daemon.c +@@ -747,6 +747,7 @@ void csync_daemon_session() + goto conn_without_ssl_ok; + } + cmd_error = conn_response(CR_ERR_SSL_EXPECTED); ++ peer = NULL; + } + conn_without_ssl_ok:; + #endif diff -Nru csync2-2.0-8-g175a01c/debian/patches/series csync2-2.0-8-g175a01c/debian/patches/series --- csync2-2.0-8-g175a01c/debian/patches/series 2016-10-23 15:38:46.000000000 +0200 +++ csync2-2.0-8-g175a01c/debian/patches/series 2020-04-05 15:26:06.000000000 +0200 @@ -1,3 +1,4 @@ fix-MAXPATHLEN-for-hurd-i386.patch fix-libsqlite3-name.patch fix-xinetd.patch +CVE-2019-15522.patch