Hi, Attached is a debdiff of the changes I made for 0.52.10-4.1 0-day NMU
Cheers, Giuseppe
diff -u newt-0.52.10/debian/changelog newt-0.52.10/debian/changelog --- newt-0.52.10/debian/changelog +++ newt-0.52.10/debian/changelog @@ -1,3 +1,11 @@ +newt (0.52.10-4.1) unstable; urgency=high + + * Non-maintainer upload by the testing Security Team. + * Include patch to fix buffer overflow in content processing code + Fixes: CVE-2009-2905 Closes: #548198 + + -- Giuseppe Iuculano <iucul...@debian.org> Tue, 06 Oct 2009 17:29:33 +0200 + newt (0.52.10-4) unstable; urgency=low * Add Ubuntu patch for python-newt-dbg package from Michael Vogt. only in patch2: unchanged: --- newt-0.52.10.orig/debian/patches/600_CVE-2009-2905.patch +++ newt-0.52.10/debian/patches/600_CVE-2009-2905.patch @@ -0,0 +1,12 @@ +diff -ruN newt-0.52.10-old/textbox.c newt-0.52.10/textbox.c +--- newt-0.52.10-old/textbox.c 2009-09-21 14:05:40.000000000 -0400 ++++ newt-0.52.10/textbox.c 2009-09-21 14:05:59.000000000 -0400 +@@ -179,7 +179,7 @@ + + if (resultPtr) { + /* XXX I think this will work */ +- result = malloc(strlen(text) + (strlen(text) / width) + 2); ++ result = malloc(strlen(text) + (strlen(text) / (width - 1)) + 2); + *result = '\0'; + } +
signature.asc
Description: OpenPGP digital signature