Bug#685969: fixed in gnugk 2:3.0.2-2
Adam D. Barratt
adam at adam-barratt.org.uk
Sun Sep 30 12:08:48 UTC 2012
Control: reopen -1
On Sat, 2012-09-29 at 23:32 +0000, Mark Purcell wrote:
> gnugk (2:3.0.2-2) unstable; urgency=medium
> .
> * Fix "CVE-2012-3534" Added gnugk-fix-cve-2012-3534.diff (Closes: #685969)
> * Urgency medium for RC bug
I was looking at the diff for this with a view to unblocking it, but as
far as I can see it's not actually fixed. The patch is indeed added to
the package, but not applied during build as:
    $ cat debian/patches/series
    #gnugk-fix-cve-2012-3534.diff
The patch does apply to the package, but attempting to build with it
enabled produces:
    [CC] GkStatus.cxx
    GkStatus.cxx:833:4: error: expected unqualified-id before 'else'
    GkStatus.cxx:838:1: error: expected declaration before '}' token
Looking at
http://openh323gk.cvs.sourceforge.net/viewvc/openh323gk/openh323gk/GkStatus.cxx?r1=1.132&r2=1.133 ,
the patch in the Debian package includes the removal of the old lines
around lines 833 and 843, but not the subsequent addition of the
replacement lines. This means that we end up with
    void GkStatus::AuthenticateClient(StatusClient* newClient)
    {
            newClient->SetTraceLevel(GkConfig()->GetInteger("StatusTraceLevel", MAX_STATUS_TRACE_LEVEL));
            PTRACE(1, "STATUS\tNew client authenticated successfully: " << newClient->WhoAmI()
                << ", login: " << newClient->GetUser()
                );
            // the welcome messages
            newClient->WriteString(PrintGkVersion());
            newClient->Flush();
            AddSocket(newClient);
        } else {
            newClient->WriteString("\r\nAccess forbidden!\r\n");
            // newClient->Flush(); // dont' flush when access is denied to avoid blocking
            delete newClient;
        }
    }
Regards,
Adam
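
A check for the situation described in this message (a patch shipped in debian/patches but disabled in the series file), as an added example that is not part of the original message or of the gnugk package. It assumes the quilt series format (one patch per line, '#' starting a comment); audit_series, demo and the example-*.patch names are hypothetical.

```python
import os
import tempfile


def audit_series(patches_dir):
    """Classify patches in a quilt-style debian/patches directory.

    Returns (disabled, unlisted, missing):
      disabled - file exists but series names it only on a '#' line
      unlisted - file exists but series never mentions it
      missing  - active series entry with no file on disk
    """
    active, commented = [], set()
    with open(os.path.join(patches_dir, "series"), encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if not line:
                continue
            if line.startswith("#"):
                tokens = line.lstrip("#").split()
                if tokens:
                    commented.add(tokens[0])  # may be a disabled patch name
                continue
            active.append(line.split()[0])  # ignore options such as -p1
    on_disk = sorted(f for f in os.listdir(patches_dir) if f != "series")
    disabled = [p for p in on_disk if p not in active and p in commented]
    unlisted = [p for p in on_disk if p not in active and p not in commented]
    missing = [p for p in active if p not in on_disk]
    return disabled, unlisted, missing


def demo():
    """Run the audit on a constructed tree mirroring the series file quoted above."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed sample: only the first series line is taken from the message.
        series = "#gnugk-fix-cve-2012-3534.diff\nexample-active.patch -p1\nexample-gone.patch\n"
        with open(os.path.join(d, "series"), "w", encoding="utf-8") as fh:
            fh.write(series)
        for name in ("gnugk-fix-cve-2012-3534.diff", "example-active.patch", "example-stray.patch"):
            open(os.path.join(d, name), "w").close()
        return audit_series(d)


if __name__ == "__main__":
    disabled, unlisted, missing = demo()
    print("disabled in series:", disabled)
    print("not in series:", unlisted)
    print("listed but missing:", missing)
```

A non-empty "disabled" list for a patch that the changelog claims as a security fix is the condition reported here; the audit says nothing about whether the patch itself is complete, which still needs a build and a comparison against the upstream change.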