Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian....@packages.debian.org
Usertags: pu

Hi Stable Release Managers,

The basez version released in stretch is affected by bug #931041 and is consequently not properly decoding base64url streams. This bug has been fixed in sid, testing and buster-pu. I'm about to upload the fixed basez/1.6-3+deb9u1 package for stretch. See the attached debdiff.

Milan

diff -Nru basez-1.6/debian/changelog basez-1.6/debian/changelog --- basez-1.6/debian/changelog 2016-10-27 09:33:37.000000000 -0400 +++ basez-1.6/debian/changelog 2019-08-22 22:07:39.000000000 -0400 @@ -1,3 +1,9 @@ +basez (1.6-3+deb9u1) stretch; urgency=medium + + * Properly decode base64url encoded strings (closes: #931041) + + -- Milan Kupcevic <mi...@debian.org> Thu, 22 Aug 2019 22:07:39 -0400 + basez (1.6-3) unstable; urgency=medium * Remove configure getconf libs. diff -Nru basez-1.6/debian/patches/base64url-decode-bug-931041 basez-1.6/debian/patches/base64url-decode-bug-931041 --- basez-1.6/debian/patches/base64url-decode-bug-931041 1969-12-31 19:00:00.000000000 -0500 +++ basez-1.6/debian/patches/base64url-decode-bug-931041 2019-08-03 23:29:13.000000000 -0400 @@ -0,0 +1,16 @@ +Description: properly decode base64url encoded strings +Author: Milan Kupcevic <mi...@debian.org> +Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931041 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/base64.c ++++ b/base64.c +@@ -188,7 +188,7 @@ + bout[0] = bout[0] | c[bin[1]] >> 4; + } + +- switch(c64d[bin[2]]) ++ switch(c[bin[2]]) + { + case 0xfe: + if(bin[3] == '=') diff -Nru basez-1.6/debian/patches/series basez-1.6/debian/patches/series --- basez-1.6/debian/patches/series 1969-12-31 19:00:00.000000000 -0500 +++ basez-1.6/debian/patches/series 2019-08-03 22:15:31.000000000 -0400 @@ -0,0 +1 @@ +base64url-decode-bug-931041
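
Review bot: the 1.6-3+deb9u1 entry in the debian/changelog hunk states the fix but does not name the patch that carries it. Consider mentioning debian/patches/base64url-decode-bug-931041 in the bullet so the changelog maps directly onto the file added to debian/patches/series.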
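
Review bot: no regression test accompanies the one-line change at base64.c line 188 in debian/patches/base64url-decode-bug-931041, and the hunk shows only the bin[2] lookup moving from c64d to c. The context line already indexes c for bin[1], but how bin[3] is looked up is not visible beyond the '=' comparison, so please confirm that no other c64d index remains in this decode path. A test that decodes base64url input with an alphabet-specific character in the third position of a 4-character group would pin down the case this line handles. The DEP-3 header also has no Forwarded or Last-Update field; adding them would record the upstream status of the fix.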