Stefan Fritsch wrote on 23/08/2005 23:15:
>>Patch extracted from difference between upstream versions 6.0 and
>>6.1, modified to patch version 4.5. Patch is attached.
>
> While the issue corresponding to your patch should be fixed as well,
> this is not the patch for CAN-2005-2491. The securitytracker page
> states that 6.1 and prior versions are vulnerable. One needs to look
> at the differences between 6.1 and 6.2. The relevant changes are a
> bit larger.
Alright, this time I attach the correct patches (only source patches, no
debian changelog entry) for all three versions of libpcre3 currently in
the archive (3.4, 4.5, 5.0), attached. I could prepare a NMU, but as I
am no DD, I would need a sponsor for that (plus I don't really know how
to do the security-NMU to stable/oldstable anyhow - yet).
Stefan Fritsch wrote on 23/08/2005 23:15:
>>Patch extracted from difference between upstream versions 6.0 and
>>6.1, modified to patch version 4.5. Patch is attached.
>
> While the issue corresponding to your patch should be fixed as well,
> this is not the patch for CAN-2005-2491. The securitytracker page
> states that 6.1 and prior versions are vulnerable. One needs to look
> at the differences between 6.1 and 6.2. The relevant changes are a
> bit larger.
Alright, this time I attach the correct patches (only source patches, no
debian changelog entry) for all three versions of libpcre3 currently in
the archive (3.4, 4.5, 5.0), attached. I could prepare a NMU, but as I
am no DD, I would need a sponsor for that (plus I don't really know how
to do the security-NMU to stable/oldstable anyhow - yet).
cu,
sven