Hi, Attached is a debdiff of the changes I made for 0.52.10-4.1 0-day NMU
Cheers, Giuseppe
diff -u newt-0.52.10/debian/changelog newt-0.52.10/debian/changelog
--- newt-0.52.10/debian/changelog
+++ newt-0.52.10/debian/changelog
@@ -1,3 +1,11 @@
+newt (0.52.10-4.1) unstable; urgency=high
+
+ * Non-maintainer upload by the testing Security Team.
+ * Include patch to fix buffer overflow in content processing code
+ Fixes: CVE-2009-2905 Closes: #548198
+
+ -- Giuseppe Iuculano <iucul...@debian.org> Tue, 06 Oct 2009 17:29:33 +0200
+
newt (0.52.10-4) unstable; urgency=low
* Add Ubuntu patch for python-newt-dbg package from Michael Vogt.
only in patch2:
unchanged:
--- newt-0.52.10.orig/debian/patches/600_CVE-2009-2905.patch
+++ newt-0.52.10/debian/patches/600_CVE-2009-2905.patch
@@ -0,0 +1,12 @@
+diff -ruN newt-0.52.10-old/textbox.c newt-0.52.10/textbox.c
+--- newt-0.52.10-old/textbox.c 2009-09-21 14:05:40.000000000 -0400
++++ newt-0.52.10/textbox.c 2009-09-21 14:05:59.000000000 -0400
+@@ -179,7 +179,7 @@
+
+ if (resultPtr) {
+ /* XXX I think this will work */
+- result = malloc(strlen(text) + (strlen(text) / width) + 2);
++ result = malloc(strlen(text) + (strlen(text) / (width - 1)) + 2);
+ *result = '\0';
+ }
+
signature.asc
Description: OpenPGP digital signature
