[Erp5-report] r28736 - /spec/mandriva/python2.4-celementtree/
nobody at svn.erp5.org
nobody at svn.erp5.org
Tue Sep 1 21:22:50 CEST 2009
Author: kazuhiko
Date: Tue Sep 1 21:22:50 2009
New Revision: 28736
URL: http://svn.erp5.org?rev=28736&view=rev
Log:
- P0: security fix related to CVE-2009-2625
Added:
spec/mandriva/python2.4-celementtree/cElementTree-1.0.5-20051216-CVE-2009-XXXX.diff
Modified:
spec/mandriva/python2.4-celementtree/python2.4-celementtree.spec
Added: spec/mandriva/python2.4-celementtree/cElementTree-1.0.5-20051216-CVE-2009-XXXX.diff
URL: http://svn.erp5.org/spec/mandriva/python2.4-celementtree/cElementTree-1.0.5-20051216-CVE-2009-XXXX.diff?rev=28736&view=auto
==============================================================================
--- spec/mandriva/python2.4-celementtree/cElementTree-1.0.5-20051216-CVE-2009-XXXX.diff (added)
+++ spec/mandriva/python2.4-celementtree/cElementTree-1.0.5-20051216-CVE-2009-XXXX.diff [utf8] Tue Sep 1 21:22:50 2009
@@ -1,0 +1,15 @@
+
+ https://bugs.gentoo.org/show_bug.cgi?id=280615
+ http://svn.python.org/view?view=rev&revision=74429
+
+--- expat/xmltok_impl.c 2005-12-16 22:57:47.000000000 +0100
++++ expat/xmltok_impl.c.oden 2009-08-21 23:55:41.000000000 +0200
+@@ -1741,7 +1741,7 @@ PREFIX(updatePosition)(const ENCODING *e
+ const char *end,
+ POSITION *pos)
+ {
+- while (ptr != end) {
++ while (ptr < end) {
+ switch (BYTE_TYPE(enc, ptr)) {
+ #define LEAD_CASE(n) \
+ case BT_LEAD ## n: \
Modified: spec/mandriva/python2.4-celementtree/python2.4-celementtree.spec
URL: http://svn.erp5.org/spec/mandriva/python2.4-celementtree/python2.4-celementtree.spec?rev=28736&r1=28735&r2=28736&view=diff
==============================================================================
--- spec/mandriva/python2.4-celementtree/python2.4-celementtree.spec [utf8] (original)
+++ spec/mandriva/python2.4-celementtree/python2.4-celementtree.spec [utf8] Tue Sep 1 21:22:50 2009
@@ -2,17 +2,18 @@
%define name python2.4-celementtree
%define version 1.0.5
%define date_version 20051216
-%define rel 1
%define __python /usr/bin/python2.4
Name: %{name}
Version: %{version}
-Release: %mkrel %rel
+%define subrel 1
+Release: %mkrel 3
Summary: Add-on to the standard ElementTree package
Group: Development/Python
License: Python license
URL: http://effbot.org/zone/element-index.htm
Source0: http://effbot.org/downloads/%{module}-%{version}-%{date_version}.tar.bz2
+Patch0: cElementTree-1.0.5-20051216-CVE-2009-XXXX.diff
Requires: python2.4-elementtree
BuildRequires: python2.4 >= 2.2
BuildRoot: %{_tmppath}/%{name}-%{version}
@@ -23,6 +24,7 @@
%prep
%setup -q -n %{module}-%{version}-%{date_version}
+%patch0 -p0 -b .CVE-2009-XXXX
%build
@@ -42,16 +44,6 @@
%doc samples README* CHANGES*
-
%changelog
-* Fri Jan 05 2007 Michael Scherer <misc at mandriva.org> 1.0.5-1mdv2007.0
-+ Revision: 104360
-- update to 1.0.5
-- use %%rel for mkrel
-
-* Thu Dec 14 2006 Nicolas Lécureuil <neoclust at mandriva.org> 1.0.2-4mdv2007.1
-+ Revision: 96892
-- Rebuild against new python
-- Rebuild for new python
-- import python-celementtree-1.0.2-1mdk
-
+* Tue Sep 1 2009 Kazuhiko Shiozaki <kazuhiko at nexedi.com> 1.0.5-3.1nxd2009.1
+- P0: security fix related to CVE-2009-2625
More information about the Erp5-report
mailing list