Bug#919576: stretch-pu: package ncmpc/0.25-0.1

kaliko Thu, 17 Jan 2019 04:51:30 -0800

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian....@packages.debian.org
Usertags: pu


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi

Update fixing CVE-2018-9240 / #894724

Source for this patch are on salsa, branch stretch-pu:

    https://salsa.debian.org/kaliko-guest/ncmpc-gbp/tree/stretch-pu

- -------------------------8<-----------------------

+--- a/src/mpdclient.h
++++ b/src/mpdclient.h
+@@ -76,6 +76,9 @@
+ static inline bool
+ mpdclient_finish_command(struct mpdclient *c)
+ {
++      if (!c->connection)
++              return false;
++
+       return mpd_response_finish(c->connection)
+               ? true : mpdclient_handle_error(c);
+ }

- ------------------------->8-----------------------

See attached debdiff.
Cheers

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCgAwFiEEE5yJWkSiFjoTmimKdwOcUqy2lK4FAlxAeJ0SHGthbGlrb0Bh
enlsdW0ub3JnAAoJEHcDnFKstpSuMYQP/ihkQJeHx8oyexwcnLyeYo1NJNPnMJTZ
6fkVMCSrlCtTw43zRDgKTbau6ODIygP8N+mD7eJzXIQmuToO5TkQNaZj1MBAxgMt
PWiNQiJ/Lh/SAmZcGuvUpPMbu/puyiZhJFbMakaZtqoVmIFCnV2zqCMZ5rxM4lRb
mRFyPnpn4bW7aXGSCM6AT1gqOkPpV/jIFvaF4c4wQXQvT67yGdC4NPP5cP8EpdgG
ZJlK89EsWEifGe9vV8qEfUHRO4KN8/FD3KFqYpsiMgQ/a/T6QMnucQqXKnv8xdpr
K9cyZiCn128Jb+a1qGBSKpdBWfw6NcBaDxIpNqb+qu6Coa3pNkrelf+T1Z+pA6lP
8zwola012bn3+HIkWP/BaSpbMO3A2SqU3bZuRZ/ooIbK+bYVQVTNnnoYm3dNjiv5
roP5PcB/TjMA6Tg4VVWyz1qjSZ189bNIkZ7S5aIsg5NGtEB4RjZN9WSYqVL31pki
UO3Ome6/YVtzxQ+msZsXmjP+4/pZZVORDEghtXOkmUhn55GgOZ5i5PVzbNZAV/AN
4EMCpUQmbQ1AWN2apflfa0TfSjTsUWXM8PRp3demxroRwjChhYhcscVK79GS5jUP
0t6wOSebgy47wSSo1ZkJtTJ1LcfexqwTONQs4o6hvHum6GIYUOpSlij7rU0MGbAw
c+DTGh+iG3Ik
=v9xZ
-----END PGP SIGNATURE-----

diff -Nru ncmpc-0.25/debian/changelog ncmpc-0.25/debian/changelog
--- ncmpc-0.25/debian/changelog 2016-10-28 07:05:23.000000000 +0200
+++ ncmpc-0.25/debian/changelog 2019-01-16 12:51:14.000000000 +0100
@@ -1,3 +1,10 @@
+ncmpc (0.25-0.2) stretch; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix CVE-2018-9240 (Closes: #894724)
+
+ -- Geoffroy Youri Berret <ef...@azylum.org>  Wed, 16 Jan 2019 12:51:14 +0100
+
 ncmpc (0.25-0.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch 
ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch
--- ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch   1970-01-01 
01:00:00.000000000 +0100
+++ ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch   2019-01-16 
12:51:14.000000000 +0100
@@ -0,0 +1,19 @@
+Description: Fix NULL dereference on long messages
+Author: Jonathan Neuschäfer <j.neuschae...@gmx.net>
+Origin: https://bugs.debian.org/894724
+Applied-Upstream: v0.30
+Last-Update: 2019-01-16
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/src/mpdclient.h
++++ b/src/mpdclient.h
+@@ -76,6 +76,9 @@
+ static inline bool
+ mpdclient_finish_command(struct mpdclient *c)
+ {
++      if (!c->connection)
++              return false;
++
+       return mpd_response_finish(c->connection)
+               ? true : mpdclient_handle_error(c);
+ }
diff -Nru ncmpc-0.25/debian/patches/series ncmpc-0.25/debian/patches/series
--- ncmpc-0.25/debian/patches/series    2016-10-28 07:05:23.000000000 +0200
+++ ncmpc-0.25/debian/patches/series    2019-01-16 12:51:14.000000000 +0100
@@ -1 +1,2 @@
 lirc.patch
+fix-CVE-2018-9240.patch

Bug#919576: stretch-pu: package ncmpc/0.25-0.1

Reply via email to