Control: reopen -1 On Sat, 2012-09-29 at 23:32 +0000, Mark Purcell wrote: > gnugk (2:3.0.2-2) unstable; urgency=medium > . > * Fix "CVE-2012-3534" Added gnugk-fix-cve-2012-3534.diff (Closes: #685969) > * Urgency medium for RC bug
I was looking at the diff for this with a view to unblocking it, but as far as I can see it's not actually fixed. The patch is indeed added to the package, but not applied during build as: $ cat debian/patches/series #gnugk-fix-cve-2012-3534.diff The patch does apply to the package, but attempting to build with it enabled produces: [CC] GkStatus.cxx GkStatus.cxx:833:4: error: expected unqualified-id before 'else' GkStatus.cxx:838:1: error: expected declaration before '}' token Looking at http://openh323gk.cvs.sourceforge.net/viewvc/openh323gk/openh323gk/GkStatus.cxx?r1=1.132&r2=1.133 , the patch in the Debian package includes the removal of the old lines around lines 833 and 843, but not the subsequent addition of the replacement lines. This means that we end up with void GkStatus::AuthenticateClient(StatusClient* newClient) { newClient->SetTraceLevel(GkConfig()->GetInteger("StatusTraceLevel", MAX_STATUS_TRACE_LEVEL)); PTRACE(1, "STATUS\tNew client authenticated successfully: " << newClient->WhoAmI() << ", login: " << newClient->GetUser() ); // the welcome messages newClient->WriteString(PrintGkVersion()); newClient->Flush(); AddSocket(newClient); } else { newClient->WriteString("\r\nAccess forbidden!\r\n"); // newClient->Flush(); // dont' flush when access is denied to avoid blocking delete newClient; } } Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
