Hi,
a part of the original patch was patching in the wrong direction, and since you built a new upstream revision the whole thing got dispatched. I will upload an NMU now to fix this because a part of my original patch caused this.

Kind regards and sorry
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
reverted:
--- mt-daapd-0.9~r1696/debian/patches/02_security.dpatch
+++ mt-daapd-0.9~r1696.orig/debian/patches/02_security.dpatch
@@ -1,17 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## CVE-2007-5825-2007-5825.dpatch by Nico Golde <[EMAIL PROTECTED]>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: No description.
-
---- mt-daapd-0.9~r1696/src/webserver.c~ 2008-01-10 20:54:22.000000000 -0800
-+++ mt-daapd-0.9~r1696/src/webserver.c 2008-01-10 20:55:23.000000000 -0800
-@@ -926,7 +926,7 @@
- free(value);
- }
-
-- if(!last) {
-+ if(last == first) {
- ws_dprintf(L_WS_DBG,"Thread %d: Done parsing GET/POST args!\n",
- pwsc->threadno);
- done=1;
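Review bot: Removing the whole dpatch leaves the choice between "if(!last)" and "if(last == first)" in src/webserver.c undocumented. Nothing in the visible lines shows which condition the r1696 snapshot already carries, so a reader cannot confirm that dropping the change is correct rather than re-applying it in the intended direction. Please state in the changelog or the mail which form upstream ships, and note that the rebuilt package was checked against a request line without ':' so the crash mentioned in the changelog is known to be gone.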
diff -u mt-daapd-0.9~r1696/debian/patches/00list mt-daapd-0.9~r1696/debian/patches/00list
--- mt-daapd-0.9~r1696/debian/patches/00list
+++ mt-daapd-0.9~r1696/debian/patches/00list
@@ -2 +1,0 @@
-02_security
diff -u mt-daapd-0.9~r1696/debian/changelog mt-daapd-0.9~r1696/debian/changelog
--- mt-daapd-0.9~r1696/debian/changelog
+++ mt-daapd-0.9~r1696/debian/changelog
@@ -1,3 +1,12 @@
+mt-daapd (0.9~r1696-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by security team.
+ * Remove 02_secfix, the patch was patching in the wrong
+ direction, needed to fix crash on lines without ':'
+ (CVE-2007-5824; Closes: #459961).
+
+ -- Nico Golde <[EMAIL PROTECTED]> Sun, 13 Jan 2008 19:13:27 +0100
+
mt-daapd (0.9~r1696-1) unstable; urgency=low
* New upstream snapshot.
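Review bot: The changelog entry names the removed patch "02_secfix", but the file deleted above and the 00list entry are both "02_security"; use the real name so the entry can be matched to the change. The entry also cites CVE-2007-5824 while the removed dpatch header reads "CVE-2007-5825-2007-5825.dpatch", so confirm which identifier belongs here. The clause "needed to fix crash on lines without ':'" is ambiguous about whether the removal or the old patch is what fixes the crash; one explicit sentence saying the dpatch reverted an upstream fix would settle that.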

