Hi

Attached is the NMU patch.

Cheers
Steffen
diff -u amule-2.2.5/debian/changelog amule-2.2.5/debian/changelog
--- amule-2.2.5/debian/changelog
+++ amule-2.2.5/debian/changelog
@@ -1,3 +1,12 @@
+amule (2.2.5-1.1) unstable; urgency=high
+
+  * Non-maintainer upload by the security team
+  * Make sure that the single tick is handled properly in order to avoid
+    code execution (Closes: #525078)
+    Fixes: CVE-2009-1440
+
+ -- Steffen Joeris <[email protected]>  Thu, 18 Jun 2009 14:10:54 +0000
+
 amule (2.2.5-1) unstable; urgency=low
 
   +++ The "Fido, Your Leash Is Too Long" release.
diff -u amule-2.2.5/debian/patches/series amule-2.2.5/debian/patches/series
--- amule-2.2.5/debian/patches/series
+++ amule-2.2.5/debian/patches/series
@@ -3,0 +4 @@
+CVE-2009-1440.patch
only in patch2:
unchanged:
--- amule-2.2.5.orig/debian/patches/CVE-2009-1440.patch
+++ amule-2.2.5/debian/patches/CVE-2009-1440.patch
@@ -0,0 +1,11 @@
+--- ../old/amule-2.2.5/src/DownloadListCtrl.cpp	2009-04-30 13:04:17.000000000 +0000
++++ amule-2.2.5/src/DownloadListCtrl.cpp	2009-06-18 14:08:52.000000000 +0000
+@@ -2298,7 +2298,7 @@
+ 		wxString rawFileName = file->GetFullName().GetRaw();
+ 
+ #ifndef __WXMSW__
+-		rawFileName.Replace(QUOTE, wxT("'\"'\"'"));
++		rawFileName.Replace(QUOTE, wxT("\\") QUOTE);
+ #endif
+ 
+ 		if (!command.Replace(wxT("$file"), rawFileName)) {

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply via email to