Bug#955860: buster-pu: package csync2/2.0-22-gce67c55-1+deb10u1

2020-04-13 Thread Valentin Vidić
On Sun, Apr 12, 2020 at 10:16:30PM +0100, Adam D. Barratt wrote:
> Please go ahead.

Uploaded.

-- 
Valentin



Bug#955860: buster-pu: package csync2/2.0-22-gce67c55-1+deb10u1

2020-04-12 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Sun, 2020-04-05 at 15:24 +0200, Valentin Vidic wrote:
> Please approve the following update for buster fixing a CVE:
> 

Please go ahead.

Regards,

Adam



Bug#955860: buster-pu: package csync2/2.0-22-gce67c55-1+deb10u1

2020-04-05 Thread Valentin Vidic
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

Hi,

Please approve the following update for buster fixing a CVE:

diff -Nru csync2-2.0-22-gce67c55/debian/changelog 
csync2-2.0-22-gce67c55/debian/changelog
--- csync2-2.0-22-gce67c55/debian/changelog 2018-10-06 23:05:46.0 
+0200
+++ csync2-2.0-22-gce67c55/debian/changelog 2020-04-05 12:55:07.0 
+0200
@@ -1,3 +1,9 @@
+csync2 (2.0-22-gce67c55-1+deb10u1) buster; urgency=medium
+
+  * Add patch for CVE-2019-15522 (Closes: #955445)
+
+ -- Valentin Vidic   Sun, 05 Apr 2020 12:55:07 +0200
+
 csync2 (2.0-22-gce67c55-1) unstable; urgency=medium
 
   * New upstream version 2.0-22-gce67c55
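Review bot: the new changelog entry identifies the change only by its CVE number. In the `* Add patch for CVE-2019-15522` line, say what the patch does, for example that the HELLO command now fails when SSL is required (the subject of the added patch), so that someone reading the stable update can judge it without opening debian/patches.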
diff -Nru csync2-2.0-22-gce67c55/debian/patches/CVE-2019-15522.patch 
csync2-2.0-22-gce67c55/debian/patches/CVE-2019-15522.patch
--- csync2-2.0-22-gce67c55/debian/patches/CVE-2019-15522.patch  1970-01-01 
01:00:00.0 +0100
+++ csync2-2.0-22-gce67c55/debian/patches/CVE-2019-15522.patch  2020-04-05 
12:51:42.0 +0200
@@ -0,0 +1,21 @@
+From 0ecfc333da51575f188dd7cf6ac4974d13a800b1 Mon Sep 17 00:00:00 2001
+From: Malte Kraus 
+Date: Tue, 13 Aug 2019 11:25:57 +0200
+Subject: [PATCH] fail HELLO command when SSL is required
+
+---
+ daemon.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/daemon.c b/daemon.c
+index 2d8407d..2a1a8af 100644
+--- a/daemon.c
 b/daemon.c
+@@ -747,6 +747,7 @@ void csync_daemon_session()
+   goto conn_without_ssl_ok;
+   }
+   cmd_error = conn_response(CR_ERR_SSL_EXPECTED);
++  peer = NULL;
+   }
+ conn_without_ssl_ok:;
+ #endif
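Review bot: the added patch file has no description. The body after the `Subject:` line is empty and there is no origin or bug reference header, so the one-line change `peer = NULL;` following `cmd_error = conn_response(CR_ERR_SSL_EXPECTED);` is left unexplained. Add a short description of why clearing `peer` is what makes the unencrypted HELLO fail, together with a reference to the upstream commit and to #955445. Since the hunk shows only the assignment, it is also worth confirming that the code reached after `conn_without_ssl_ok:` never dereferences `peer` without a NULL check.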
diff -Nru csync2-2.0-22-gce67c55/debian/patches/series 
csync2-2.0-22-gce67c55/debian/patches/series
--- csync2-2.0-22-gce67c55/debian/patches/series2018-04-18 
22:30:48.0 +0200
+++ csync2-2.0-22-gce67c55/debian/patches/series2020-04-05 
12:51:17.0 +0200
@@ -3,3 +3,4 @@
 spelling.patch
 fix-manpage-header.patch
 fix-parallel-build.patch
+CVE-2019-15522.patch

-- 
Valentin