diff -u t1lib-5.1.0/debian/changelog t1lib-5.1.0/debian/changelog
--- t1lib-5.1.0/debian/changelog
+++ t1lib-5.1.0/debian/changelog
@@ -1,3 +1,10 @@
+t1lib (5.1.0-3) unstable; urgency=low
+
+ * Apply patch from Artur R. Czechowski to fix CVE-2007-4033.
+ (Closes: #439927)
+
+ -- Torsten Werner Mon, 17 Sep 2007 23:25:45 +0200
+
 t1lib (5.1.0-2) unstable; urgency=low
 * Upload to unstable
only in patch2:
unchanged:
--- t1lib-5.1.0.orig/lib/t1lib/t1env.c
+++ t1lib-5.1.0/lib/t1lib/t1env.c
@@ -611,6 +611,12 @@
 #endif
 strcat( pathbuf, DIRECTORY_SEP);
 /* And finally the filename: */
+ /* If current pathbuf + StrippedName + 1 byte for NULL is bigger than pathbuf let's try next pathbuf */
+ if( strlen(pathbuf) + strlen(StrippedName) + 1 > sizeof(pathbuf) ) {
+ i++;
+ continue;
+ }
 strcat( pathbuf, StrippedName);
 /* Check for existence of the path: */
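Review bot: In the t1env.c hunk the new length test runs only after `strcat( pathbuf, DIRECTORY_SEP)`, so that append is still unbounded, as is whatever copied the directory into pathbuf before it (outside this hunk). A search-path entry that already fills pathbuf would overflow before the check is reached. Moving the test above the separator append and counting the separator would bound both appends: `if( strlen(pathbuf) + strlen(DIRECTORY_SEP) + strlen(StrippedName) + 1 > sizeof(pathbuf) )`. Two assumptions need confirming against code outside the hunk: `sizeof(pathbuf)` is the right bound only if pathbuf is an array in this scope rather than a pointer, and `i++; continue;` is right only if the enclosing loop does not advance i itself.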