* Recai Oktaş [2006-01-28 01:56:06+0200]
> Hmm, just found some other issues regarding this CVE-2005-4439.  Previous 
> tests had seemed fine to me, but when I made more tests, the bug came up 
> again.  I believe the attached patch should fix this completely.  Stefan, 
> could you have a look at it please?

Stefan has confirmed my patch and applied it in r1642.  So far, the 
following patches have been applied:

    http://people.debian.org/~roktas/elog-backport-patches/

I've created a new package and confirmed that it works:

    http://people.debian.org/~roktas/packages/elog_2.5.7+r1558-4+sarge1.diff.gz
    http://people.debian.org/~roktas/packages/elog_2.5.7+r1558-4+sarge1.dsc
    http://people.debian.org/~roktas/packages/elog_2.5.7+r1558-4+sarge1_i386.deb

Debdiff is attached and here is the new changelog for your convenience:

    elog (2.5.7+r1558-4+sarge1) stable-security; urgency=critical

    * Major security update (big thanks to Florian Weimer)
      + Backport r1333 from upstream's Subversion repository:
        "Fixed crashes with very long (revisions) attributes"
      + Backport r1335 from upstream's Subversion repository:
        "Applied patch from Emiliano to fix possible buffer overflow"
      + Backport r1472 from upstream's Subversion repository:
        "Do not distinguish between invalid user name and invalid password
         for security reasons"
      + Backport r1487 from upstream's Subversion repository:
        "Fixed infinite redirection with ?fail=1"
      + Backport r1529 from upstream's Subversion repository:
        "Fixed bug with fprintf and buffer containing "%""
        [Our patch just eliminates the format string vulnerability.]
      + Backport r1620 from upstream's Subversion repository:
        "Prohibit '..' in URLs" [CVE-2006-0347]
      + Backport r1635 and r1642 from upstream's Subversion repository:
        "Fixed potential buffer overflows" [CVE-2005-4439]

Let me know whether it is fine and I'll make the upload to stable-security
(right?).

Regards,

-- 
roktas

Attachment: elog_2.5.7+r1558-3_2.5.7+r1558-4+sarge1.debdiff.gz
Description: Binary data

Attachment: signature.asc
Description: Digital signature
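Two of the backported fixes listed in the changelog above, the fprintf call that used a buffer containing "%" as its format string (r1529) and the prohibition of '..' in request URLs (r1620, CVE-2006-0347), illustrated as an added example. This is not elog's code and not any of the backported patches; the function names, the logging helper, the percent-decoding step before the '..' check and the buffer sizes are assumptions made for the demonstration.

```c
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logging helper of the kind where format string bugs appear:
 * it takes a printf-style format plus variadic arguments. */
static int emit(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    int r;
    va_start(ap, fmt);
    r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

static char g_line[256];   /* assumed output buffer for the demo */

/* BUG (the r1529 shape): attacker-controlled text is passed as the format,
 * so every '%' in it is interpreted as a conversion specification. */
const char *log_unsafe(const char *msg)
{
    emit(g_line, sizeof g_line, msg);
    return g_line;
}

/* Fix: a constant format, the text travels as an ordinary argument. */
const char *log_safe(const char *msg)
{
    emit(g_line, sizeof g_line, "%s", msg);
    return g_line;
}

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Decode %XX escapes into dst. Returns 0 on a malformed escape or when
 * dst is too small, so the caller can fail closed. (Decoding before the
 * check is an assumption of this example, not something the changelog says.) */
static int url_decode(const char *src, char *dst, size_t dstlen)
{
    size_t o = 0;
    for (size_t i = 0; src[i] != '\0'; i++) {
        int c = (unsigned char)src[i];
        if (c == '%') {
            int hi = hexval((unsigned char)src[i + 1]);
            int lo = (hi < 0) ? -1 : hexval((unsigned char)src[i + 2]);
            if (hi < 0 || lo < 0) return 0;
            c = hi * 16 + lo;
            i += 2;
        }
        if (o + 1 >= dstlen) return 0;
        dst[o++] = (char)c;
    }
    dst[o] = '\0';
    return 1;
}

/* The r1620 idea: reject any request path containing "..". Returns 1 when the
 * request must be refused. A malformed escape is refused as well. */
int reject_dotdot(const char *url)
{
    char decoded[1024];
    if (!url_decode(url, decoded, sizeof decoded))
        return 1;
    return strstr(decoded, "..") != NULL;
}

int main(void)
{
    /* constructed inputs for the stand-alone run */
    printf("unsafe: %s\n", log_unsafe("100%% done"));
    printf("safe:   %s\n", log_safe("100%% done"));
    printf("%d\n", reject_dotdot("/demo/../../etc/passwd"));
    printf("%d\n", reject_dotdot("/demo/%2e%2e/%2e%2e/etc/passwd"));
    printf("%d\n", reject_dotdot("/demo/060128a.log"));
    return 0;
}
```

With the unsafe variant, "100%% done" comes out as "100% done" because "%%" was interpreted; a message containing a lone "%s" or "%n" would instead read or write memory through the missing varargs, which is exactly what the constant "%s" format prevents. The '..' check is deliberately conservative: like the upstream log message it rejects any ".." in the decoded path, including a harmless "file..txt", which is the trade-off a minimal backport makes.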