Hi Salvatore On 27/01/2019 09:14, Salvatore Bonaccorso wrote: > On Thu, Jan 17, 2019 at 01:44:14PM +0100, kaliko wrote: >> Package: release.debian.org >> Severity: normal >> Tags: stretch >> User: release.debian....@packages.debian.org >> Usertags: pu >> > Hi > > Update fixing CVE-2018-9240 / #894724 > […]> Please use for consistency (although that would be possible if > 0.25-0.2 was never used) rather 0.25-0.1+deb9u1 for the version.
I updated the patch according to your review (find attached). I also pushed it in branch stretch-pu: https://salsa.debian.org/kaliko-guest/ncmpc-gbp/tree/stretch-pu Cheers k
diff -Nru ncmpc-0.25/debian/changelog ncmpc-0.25/debian/changelog --- ncmpc-0.25/debian/changelog 2019-01-16 12:51:14.000000000 +0100 +++ ncmpc-0.25/debian/changelog 2016-11-10 08:32:55.000000000 +0100 @@ -1,10 +1,3 @@ -ncmpc (0.25-0.1+deb9u1) stretch; urgency=medium - - * Non-maintainer upload. - * Fix CVE-2018-9240 (Closes: #894724) - - -- Geoffroy Youri Berret <ef...@azylum.org> Wed, 16 Jan 2019 12:51:14 +0100 - ncmpc (0.25-0.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch --- ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch 2019-01-16 12:51:14.000000000 +0100 +++ ncmpc-0.25/debian/patches/fix-CVE-2018-9240.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,19 +0,0 @@ -Description: Fix NULL dereference on long messages -Author: Jonathan Neuschäfer <j.neuschae...@gmx.net> -Origin: https://bugs.debian.org/894724 -Applied-Upstream: v0.30 -Last-Update: 2019-01-16 ---- -This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ---- a/src/mpdclient.h -+++ b/src/mpdclient.h -@@ -76,6 +76,9 @@ - static inline bool - mpdclient_finish_command(struct mpdclient *c) - { -+ if (!c->connection) -+ return false; -+ - return mpd_response_finish(c->connection) - ? true : mpdclient_handle_error(c); - } diff -Nru ncmpc-0.25/debian/patches/series ncmpc-0.25/debian/patches/series --- ncmpc-0.25/debian/patches/series 2019-01-16 12:51:14.000000000 +0100 +++ ncmpc-0.25/debian/patches/series 2016-11-10 08:32:55.000000000 +0100 @@ -1,2 +1 @@ lirc.patch -fix-CVE-2018-9240.patch
signature.asc
Description: OpenPGP digital signature