Branko Èibej <brane@xbc.nu> writes:
> Yes, I found that patch after I posted the above, but the problem is
> that I don't understand it -- in other words, I've no ides if it's
> correct.
Debian appear to use the same patch:
$ interdiff zlib_1.2.2-4.diff zlib_1.2.2-4.sarge.1.diff
diff -u zlib-1.2.2/debian/changelog zlib-1.2.2/debian/changelog
--- zlib-1.2.2/debian/changelog
+++ zlib-1.2.2/debian/changelog
@@ -1,3 +1,9 @@
+zlib (1:1.2.2-4.sarge.1) stable-security; urgency=high
+
+ * [SECURITY] code set check in inftrees.c
+
+ -- Michael Stone <mstone@debian.org> Sat, 02 Jul 2005 22:26:52 -0400
+
zlib (1:1.2.2-4) unstable; urgency=low
* Run dh_installdeb before dh_shlibdeps (closes: #282882).
only in patch2:
unchanged:
--- zlib-1.2.2.orig/debian/patches/020-codeset-check
+++ zlib-1.2.2/debian/patches/020-codeset-check
@@ -0,0 +1,11 @@
+--- zlib-1.2.2.orig/inftrees.c 2004-09-15 15:30:06.000000000 +0100
++++ zlib-1.2.2/inftrees.c 2005-07-02 14:42:24.270321629 +0100
+@@ -134,7 +134,7 @@
+ left -= count[len];
+ if (left < 0) return -1; /* over-subscribed */
+ }
+- if (left > 0 && (type == CODES || (codes - count[0] != 1)))
++ if (left > 0 && (type == CODES || max != 1))
+ return -1; /* incomplete set */
+
+ /* generate offsets into symbol table for each length for sorting */
--
Philip Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Jul 9 22:21:37 2005