Control: tags 944012 + patch
Control: tags 944012 + pending
Dear maintainer,
I've prepared an NMU for freetds (versioned as 1.1.6-1.1) and
uploaded it to DELAYED/10. Please feel free to tell me if I
should delay it longer.
Regards,
Salvatore
diff -u freetds-1.1.6/debian/changelog freetds-1.1.6/debian/changelog
--- freetds-1.1.6/debian/changelog
+++ freetds-1.1.6/debian/changelog
@@ -1,3 +1,10 @@
+freetds (1.1.6-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * tds: Make sure UDT has varint set to 8 (CVE-2019-13508) (Closes: #944012)
+
+ -- Salvatore Bonaccorso <car...@debian.org> Wed, 01 Jan 2020 21:09:16 +0100
+
freetds (1.1.6-1) unstable; urgency=medium
* New upstream release.
diff -u freetds-1.1.6/src/tds/data.c freetds-1.1.6/src/tds/data.c
--- freetds-1.1.6/src/tds/data.c
+++ freetds-1.1.6/src/tds/data.c
@@ -1428,6 +1428,7 @@
tds_get_string(tds, tds_get_usmallint(tds), NULL, 0);
col->column_size = 0x7ffffffflu;
+ col->column_varint_size = 8;
return TDS_SUCCESS;
}
@@ -1435,6 +1436,7 @@
TDS_INT
tds_clrudt_row_len(TDSCOLUMN *col)
{
+ col->column_varint_size = 8;
/* TODO save other fields */
return sizeof(TDSBLOB);
}
