[Pkg-privacy-commits] [pidgin-otr] 01/01: Import 4.0.1-1+deb8u1 debdiff.
Intrigeri
intrigeri at moszumanska.debian.org
Sat Mar 26 11:21:03 UTC 2016
This is an automated email from the git hooks/post-receive script.
intrigeri pushed a commit to branch jessie
in repository pidgin-otr.
commit f5eec3f0c492fb6566dd315dfd48db4467bcffc8
Author: intrigeri <intrigeri at debian.org>
Date: Sat Mar 26 11:19:12 2016 +0000
Import 4.0.1-1+deb8u1 debdiff.
---
debian/changelog | 7 +++++
debian/patches/CVE-2015-8833.patch | 53 ++++++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 61 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 58c33a1..b4c8493 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+pidgin-otr (4.0.1-1+deb8u1) jessie-security; urgency=high
+
+ * Non-maintainer upload.
+ * Fix CVE-2015-8833: Heap use-after-free issue during SMP.
+
+ -- Felix Geyer <fgeyer at debian.org> Tue, 22 Mar 2016 17:26:47 +0100
+
pidgin-otr (4.0.1-1) unstable; urgency=medium
* New upstream release.
diff --git a/debian/patches/CVE-2015-8833.patch b/debian/patches/CVE-2015-8833.patch
new file mode 100644
index 0000000..e1f11d7
--- /dev/null
+++ b/debian/patches/CVE-2015-8833.patch
@@ -0,0 +1,53 @@
+From aaf551b9dd5cbba8c4abaa3d4dc7ead860efef94 Mon Sep 17 00:00:00 2001
+From: Ian Goldberg <iang at cs.uwaterloo.ca>
+Date: Sun, 3 Jan 2016 16:53:20 -0500
+Subject: [PATCH] Fix use-after-free issue during SMP
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Thanks to Stefan Sperling <otr at stsp.name> and Hanno Böck
+<hanno at hboeck.de> for the report.
+
+Fixes #88
+
+Signed-off-by: Hanno Böck <hanno at hboeck.de>
+Signed-off-by: Ian Goldberg <iang at cs.uwaterloo.ca>
+---
+ gtk-dialog.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/gtk-dialog.c b/gtk-dialog.c
+index 09ec12e..309bee6 100644
+--- a/gtk-dialog.c
++++ b/gtk-dialog.c
+@@ -169,7 +169,7 @@ static void otrg_gtk_dialog_free_smp_data(PurpleConversation *conv)
+ g_hash_table_remove(conv->data, "otr-smpdata");
+ }
+
+-static void otrg_gtk_dialog_add_smp_data(PurpleConversation *conv)
++static SMPData* otrg_gtk_dialog_add_smp_data(PurpleConversation *conv)
+ {
+ SMPData *smp_data = malloc(sizeof(SMPData));
+ smp_data->smp_secret_dialog = NULL;
+@@ -182,6 +182,8 @@ static void otrg_gtk_dialog_add_smp_data(PurpleConversation *conv)
+ smp_data->their_instance = OTRL_INSTAG_BEST;
+
+ purple_conversation_set_data(conv, "otr-smpdata", smp_data);
++
++ return smp_data;
+ }
+
+ static GtkWidget *otr_icon(GtkWidget *image, TrustLevel level,
+@@ -777,7 +779,7 @@ static GtkWidget *create_smp_dialog(const char *title, const char *primary,
+ * will kill any existing SMP */
+ if (smp_data->their_instance != context->their_instance) {
+ otrg_gtk_dialog_free_smp_data(conv);
+- otrg_gtk_dialog_add_smp_data(conv);
++ smp_data = otrg_gtk_dialog_add_smp_data(conv);
+ }
+
+ if (!(smp_data->smp_secret_dialog)) {
+--
+2.8.0.rc3
+
diff --git a/debian/patches/series b/debian/patches/series
index 583be5f..9e0ad93 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
0001-Use-AM_PROG_AR-if-available-it-is-required-by-recent.patch
+CVE-2015-8833.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/pidgin-otr.git
More information about the Pkg-privacy-commits
mailing list