* Recai Oktaş [2006-01-28 01:56:06+0200] > Hmm, just found some other issues regarding this CVE-2005-4439. Previous > tests had seemed fine to me, but when I made more tests, the bug came up > again. I believe the attached patch should fix this completely. Stefan, > could you have a look at it please?
Stefan has confirmed my patch and applied it in r1642. So far, the following patches have been applied: http://people.debian.org/~roktas/elog-backport-patches/ I've created a new package and confirmed that it works: http://people.debian.org/~roktas/packages/elog_2.5.7+r1558-4+sarge1.diff.gz http://people.debian.org/~roktas/packages/elog_2.5.7+r1558-4+sarge1.dsc http://people.debian.org/~roktas/packages/elog_2.5.7+r1558-4+sarge1_i386.deb Debdiff is attached and here is the new changelog for your convenience: elog (2.5.7+r1558-4+sarge1) stable-security; urgency=critical * Major security update (big thanks to Florian Weimer) + Backport r1333 from upstream's Subversion repository: "Fixed crashes with very long (revisions) attributes" + Backport r1335 from upstream's Subversion repository: "Applied patch from Emiliano to fix possible buffer overflow" + Backport r1472 from upstream's Subversion repository: "Do not distinguish between invalid user name and invalid password for security reasons" + Backport r1487 from upstream's Subversion repository: "Fixed infinite redirection with ?fail=1" + Backport r1529 from upstream's Subversion repository: "Fixed bug with fprintf and buffer containing "%"" [Our patch just eliminates the format string vulnerability.] + Backport r1620 from upstream's Subversion repository: "Prohibit '..' in URLs" [CVE-2006-0347] + Backport r1635 and r1642 from upstream's Subversion repository: "Fixed potential buffer overflows" [CVE-2005-4439] Let me know whether it is fine and I'll make the upload to stable-security (right?). Regards, -- roktas
elog_2.5.7+r1558-3_2.5.7+r1558-4+sarge1.debdiff.gz
Description: Binary data
signature.asc
Description: Digital signature