[Pkg-nagios-changes] [pkg-nagios] r909 - in nagios2/trunk/debian: . patches

Marc Haber zugschlus at costa.debian.org
Tue May 23 14:58:47 UTC 2006


Author: zugschlus
Date: 2006-05-23 14:58:46 +0000 (Tue, 23 May 2006)
New Revision: 909

Removed:
   nagios2/trunk/debian/patches/10_CVE-2006-2162_content-length.dpatch
Modified:
   nagios2/trunk/debian/changelog
   nagios2/trunk/debian/patches/00list
Log:
  * CVE-2006-2489 was already fixed locally in 2.3-1
    * remove dpatch



Modified: nagios2/trunk/debian/changelog
===================================================================
--- nagios2/trunk/debian/changelog	2006-05-23 14:55:45 UTC (rev 908)
+++ nagios2/trunk/debian/changelog	2006-05-23 14:58:46 UTC (rev 909)
@@ -2,7 +2,8 @@
 
   [Marc Haber]
   * new upstream version
-  * CVE-2006-2489 was already fixed in 2.3-1
+  * CVE-2006-2489 was already fixed locally in 2.3-1
+    * remove dpatch
   * Add nagios2-dbg package
   * Fix typos in debian/control
 
@@ -14,7 +15,7 @@
     in the config script, as fresh installations may not have the file
     available (if using apt instead of dpkg, for example).  Closes: #353966.
 
- -- sean finney <seanius at debian.org>  Tue, 23 May 2006 16:43:21 +0200
+ -- Marc Haber <mh+debian-packages at zugschlus.de>  Tue, 23 May 2006 14:58:11 +0000
 
 nagios2 (2.3-1) unstable; urgency=high
 

Modified: nagios2/trunk/debian/patches/00list
===================================================================
--- nagios2/trunk/debian/patches/00list	2006-05-23 14:55:45 UTC (rev 908)
+++ nagios2/trunk/debian/patches/00list	2006-05-23 14:58:46 UTC (rev 909)
@@ -1 +0,0 @@
-10_CVE-2006-2162_content-length.dpatch

Deleted: nagios2/trunk/debian/patches/10_CVE-2006-2162_content-length.dpatch
===================================================================
--- nagios2/trunk/debian/patches/10_CVE-2006-2162_content-length.dpatch	2006-05-23 14:55:45 UTC (rev 908)
+++ nagios2/trunk/debian/patches/10_CVE-2006-2162_content-length.dpatch	2006-05-23 14:58:46 UTC (rev 909)
@@ -1,31 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 10_CVE-2006-2162_content-length.dpatch by  <seanius at debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: No description.
-
- at DPATCH@
-diff -urNad nagios2-2.3~/cgi/getcgi.c nagios2-2.3/cgi/getcgi.c
---- nagios2-2.3~/cgi/getcgi.c	2006-04-12 21:17:23.000000000 +0200
-+++ nagios2-2.3/cgi/getcgi.c	2006-05-12 13:18:04.000000000 +0200
-@@ -10,6 +10,7 @@
- #include "../include/getcgi.h"
- #include <stdio.h>
- #include <stdlib.h>
-+#include <limits.h>
- 
- 
- #undef PARANOID_CGI_INPUT
-@@ -169,8 +170,10 @@
- 			printf("getcgivars(): No Content-Length was sent with the POST request.\n") ;
- 			exit(1);
- 		        }
--		if(content_length<0)
--			content_length=0;
-+		if((content_length<0) || (content_length >= INT_MAX-1)){
-+			printf("getcgivars(): Suspicious Content-Length was sent with the POST request.\n");
-+			exit(1);
-+			}
- 		if(!(cgiinput=(char *)malloc(content_length+1))){
- 			printf("getcgivars(): Could not allocate memory for CGI input.\n");
- 			exit(1);




More information about the Pkg-nagios-changes mailing list