Re: Bug#383030: Fix for one of the two vulnerabilities
Jens Peter Secher wrote:
> On 8/22/06, Martín Ferrari <martin.ferrari@gmail.com> wrote:
>
>> I think this patch fixes the first vulnerability reported. I'm CCing
>> debian-security as it would be good if somebody more seasoned in this
>> matters could take a look at it (please CC me).
>
> Lukáš Lalinský is upstream maintainer as well as Debian package
> maintainer. He is in the process of dealing with this.
>
> Lukáš, could you put a note about your plans the two open bugs?
Sure. Fix for both of them is already in the MusicBrainz SVN (for this one it's
http://bugs.musicbrainz.org/changeset/8440) and both of these fixes are also
included in the 2.1.4 release:
http://ftp.musicbrainz.org/pub/musicbrainz/libmusicbrainz-2.1.4.tar.gz
Here is the package for unstable:
http://users.musicbrainz.org/~luks/tmp/libmusicbrainz-2.1_2.1.4-1.diff.gz
http://users.musicbrainz.org/~luks/tmp/libmusicbrainz-2.1_2.1.4-1.dsc
http://users.musicbrainz.org/~luks/tmp/libmusicbrainz-2.1_2.1.4.orig.tar.gz
Jens, could you please upload it?
And for stable-security, this patch could be probably used (however I'm not sure
how to prepare the package):
http://bugs.musicbrainz.org/changeset/8440?format=diff&new=8440
-Lukáš
Reply to: