proposed stable update for libcompress-raw-zlib-perl
Niko Tyni
ntyni at debian.org
Wed Aug 26 21:25:44 UTC 2009
Hi release team,
the security team deferred patching CVE-2009-1391 to the stable
update. This needs to be fixed both in perl and the separate
libcompress-raw-zlib-perl. Please let me know if I can upload
the latter with the attached debdiff.
Thanks for your work,
--
Niko Tyni ntyni at debian.org
-------------- next part --------------
diff -u libcompress-raw-zlib-perl-2.012/debian/changelog libcompress-raw-zlib-perl-2.012/debian/changelog
--- libcompress-raw-zlib-perl-2.012/debian/changelog
+++ libcompress-raw-zlib-perl-2.012/debian/changelog
@@ -1,3 +1,10 @@
+libcompress-raw-zlib-perl (2.012-1lenny1) stable; urgency=high
+
+ * [SECURITY] CVE-2009-1391: Fix a buffer overflow in inflate().
+ (Closes: #532738)
+
+ -- Niko Tyni <ntyni at debian.org> Sat, 13 Jun 2009 22:19:41 +0300
+
libcompress-raw-zlib-perl (2.012-1) unstable; urgency=low
* New upstream release
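Review bot: the changelog stamp on the `-- Niko Tyni` line is Sat, 13 Jun 2009, two and a half months before this proposal; refresh it (e.g. `dch -r`) so the entry reflects the actual stable-update build, since that timestamp is what ends up in the .changes. Otherwise the entry is in the expected shape: `2.012-1lenny1` version, `stable` distribution, `urgency=high`, the CVE id and `Closes: #532738` both spelled out.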
diff -u libcompress-raw-zlib-perl-2.012/debian/patches/series libcompress-raw-zlib-perl-2.012/debian/patches/series
--- libcompress-raw-zlib-perl-2.012/debian/patches/series
+++ libcompress-raw-zlib-perl-2.012/debian/patches/series
@@ -1 +1,2 @@
+CVE-2009-1391
use-debian-zlib.patch
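Review bot: the new entry `CVE-2009-1391` has no `.patch` suffix while the existing `use-debian-zlib.patch` does; name it `CVE-2009-1391.patch` for consistency, or leave it if that is the convention the maintainers prefer. It is also inserted ahead of `use-debian-zlib.patch` in the series; since the security fix touches only `Zlib.xs`, that ordering should be harmless, but confirm `quilt push -a` still applies both cleanly in this order.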
only in patch2:
unchanged:
--- libcompress-raw-zlib-perl-2.012.orig/debian/patches/CVE-2009-1391
+++ libcompress-raw-zlib-perl-2.012/debian/patches/CVE-2009-1391
@@ -0,0 +1,18 @@
+[SECURITY] CVE-2009-1391: Fix a buffer overflow in inflate().
+
+Closes: #532738
+
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1391
+
+Fix cherry-picked from upstream version 2.017.
+--- libcompress-raw-zlib-perl-2.012.orig/Zlib.xs
++++ libcompress-raw-zlib-perl-2.012/Zlib.xs
+@@ -1319,7 +1319,7 @@
+ while (RETVAL == Z_OK) {
+ if (s->stream.avail_out == 0 ) {
+ /* out of space in the output buffer so make it bigger */
+- Sv_Grow(output, SvLEN(output) + bufinc) ;
++ Sv_Grow(output, SvLEN(output) + bufinc +1) ;
+ cur_length += increment ;
+ s->stream.next_out = (Bytef*) SvPVbyte_nolen(output) + cur_length ;
+ increment = bufinc ;
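Review bot: the single changed line (`Sv_Grow(output, SvLEN(output) + bufinc +1)`) is the whole fix, so its correctness rests on bookkeeping that is outside the seven lines of context: `cur_length += increment` still advances by the old `increment`, and the `avail_out` assignment that must agree with the newly grown buffer is not shown. Before upload, confirm that the 2.012 code around line 1319 matches the 2.017 code the fix was cherry-picked from (so a one-line cherry-pick is complete here) and run the package test suite plus the reproducer from #532738 against the rebuilt package. As a style point, the header could record `Fix cherry-picked from upstream version 2.017.` and `Closes: #532738` as `Origin:` and `Bug-Debian:` fields so the provenance is machine-readable.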