Hi,
I uploaded an NMU of your package.
Please see this as help to get the package into a releaseable condition for
etch.
Please find the used diff below.
Cheers,
Andi
diff -ur ../gnupg2-2.0.0~/debian/changelog ../gnupg2-2.0.0/debian/changelog
--- ../gnupg2-2.0.0~/debian/changelog 2006-12-04 18:41:42.000000000 +0000
+++ ../gnupg2-2.0.0/debian/changelog 2006-12-04 18:42:48.000000000 +0000
@@ -1,3 +1,10 @@
+gnupg2 (2.0.0-5.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Fix buffer overflow, CVE-2006-6169. Closes: #400777
+
+ -- Andreas Barth <[EMAIL PROTECTED]> Mon, 4 Dec 2006 18:42:06 +0000
+
gnupg2 (2.0.0-5) unstable; urgency=high
* debian/control: Remove unnecessary dependencies on makedev and
diff -ur ../gnupg2-2.0.0~/g10/openfile.c ../gnupg2-2.0.0/g10/openfile.c
--- ../gnupg2-2.0.0~/g10/openfile.c 2006-09-14 14:18:39.000000000 +0000
+++ ../gnupg2-2.0.0/g10/openfile.c 2006-12-04 18:43:28.000000000 +0000
@@ -145,8 +145,8 @@
s = _("Enter new filename");
- n = strlen(s) + namelen + 10;
defname = name && namelen? make_printable_string( name, namelen, 0): NULL;
+ n = strlen(s) + (defname?strlen (defname):0) + 10;
prompt = xmalloc(n);
if( defname )
sprintf(prompt, "%s [%s]: ", s, defname );
--
http://home.arcor.de/andreas-barth/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
