Hi, attached is an NMU proposal. It will be also archived on: http://people.debian.org/~nion/nmu-diff/syslog-ng-2.0.5-3_2.0.5-3.1.patch
Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
diff -u syslog-ng-2.0.5/debian/changelog syslog-ng-2.0.5/debian/changelog
--- syslog-ng-2.0.5/debian/changelog
+++ syslog-ng-2.0.5/debian/changelog
@@ -1,3 +1,13 @@
+syslog-ng (2.0.5-3.1) unstable; urgency=high
+
+ * Non-maintainer upload by security team.
+ * This update addresses the following security issue:
+ - A remote attacker can cause a denial of service (crash)
+ via a crafted log message that is missing a whitespace
+ at the end of the timestamp (CVE-2007-6437; Closes: #457334).
+
+ -- Nico Golde <[EMAIL PROTECTED]> Sat, 22 Dec 2007 14:33:13 +0100
+
syslog-ng (2.0.5-3) unstable; urgency=low
* Added watchfile.
only in patch2:
unchanged:
--- syslog-ng-2.0.5.orig/src/logmsg.c
+++ syslog-ng-2.0.5/src/logmsg.c
@@ -209,7 +209,10 @@
p = memchr(src, ' ', left);
- stamp_length = (p - src);
+ if(p)
+ stamp_length = (p - src);
+ else
+ stamp_length = left;
g_string_assign_len(&self->date, src, stamp_length);
pgpfStwQ6X3uA.pgp
Description: PGP signature

