[Debian-med-packaging] Bug#994574: bullseye-pu: package dazzdb/1.0+git20201103.8d98c37-1+deb11u1

Sebastian Ramacher sramacher at debian.org
Fri Sep 17 21:42:09 BST 2021 

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org at packages.debian.org
Usertags: pu
X-Debbugs-Cc: sramacher at debian.org, dazzdb at packages.debian.org

[ Reason ]
glibc 2.32 uncovered a use-after-free issue in dazzdb (#993770). While
dazzdb technically does not crash on bullseye, a fix for the issue helps
us in avoiding a Breaks in glibc for bullseye -> bookworm upgrades.

[ Tests ]
The code is covered by autopkgtests

[ Risks ]
It's the exact same patch as in unstable.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

Cheers
-- 
Sebastian Ramacher
-------------- next part --------------
diff -Nru dazzdb-1.0+git20201103.8d98c37/debian/changelog dazzdb-1.0+git20201103.8d98c37/debian/changelog
--- dazzdb-1.0+git20201103.8d98c37/debian/changelog	2021-01-19 10:02:03.000000000 +0100
+++ dazzdb-1.0+git20201103.8d98c37/debian/changelog	2021-09-17 20:48:03.000000000 +0200
@@ -1,3 +1,10 @@
+dazzdb (1.0+git20201103.8d98c37-1+deb11u1) bullseye; urgency=medium
+
+  [ Aurelien Jarno ]
+  * Fix a use-after-free in DBstats (Closes: #993770)
+
+ -- Sebastian Ramacher <sramacher at debian.org>  Fri, 17 Sep 2021 20:48:03 +0200
+
 dazzdb (1.0+git20201103.8d98c37-1) unstable; urgency=medium
 
   * New upstream version
diff -Nru dazzdb-1.0+git20201103.8d98c37/debian/patches/series dazzdb-1.0+git20201103.8d98c37/debian/patches/series
--- dazzdb-1.0+git20201103.8d98c37/debian/patches/series	2021-01-19 10:02:03.000000000 +0100
+++ dazzdb-1.0+git20201103.8d98c37/debian/patches/series	2021-09-14 20:49:54.000000000 +0200
@@ -2,3 +2,4 @@
 compiler-flags.patch
 destdir.patch
 cross.patch
+use-after-free.patch
diff -Nru dazzdb-1.0+git20201103.8d98c37/debian/patches/use-after-free.patch dazzdb-1.0+git20201103.8d98c37/debian/patches/use-after-free.patch
--- dazzdb-1.0+git20201103.8d98c37/debian/patches/use-after-free.patch	1970-01-01 01:00:00.000000000 +0100
+++ dazzdb-1.0+git20201103.8d98c37/debian/patches/use-after-free.patch	2021-09-14 20:49:57.000000000 +0200
@@ -0,0 +1,16 @@
+Description: fix a use-after-free causing a segmentation fault with glibc 2.32
+Author: Aurelien Jarno <aurel32 at debian.org>
+Forwarded: https://github.com/thegenemyers/DAZZ_DB/issues/41 
+Last-Update: 2021-09-14
+
+--- dazzdb-1.0+git20201103.8d98c37.orig/DBstats.c
++++ dazzdb-1.0+git20201103.8d98c37/DBstats.c
+@@ -346,8 +346,6 @@ int main(int argc, char *argv[])
+               }
+           }
+         printf("\n");
+-
+-        Close_Track(db,track);
+       }
+   }
+ 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/debian-med-packaging/attachments/20210917/0c7c79e4/attachment.sig>

More information about the Debian-med-packaging mailing list