diff -Nru atheme-services-6.0.11/debian/changelog atheme-services-6.0.11/debian/changelog --- atheme-services-6.0.11/debian/changelog 2014-07-08 03:53:40.000000000 +0000 +++ atheme-services-6.0.11/debian/changelog 2016-05-24 13:21:37.000000000 +0000 @@ -1,3 +1,15 @@ +atheme-services (6.0.11-2+deb8u1build0.16.04.1) xenial-security; urgency=medium + + * fake sync from Debian + + -- Marc Deslauriers Tue, 24 May 2016 09:21:37 -0400 + +atheme-services (6.0.11-2+deb8u1) jessie-security; urgency=high + + * add patch to fix CVE-2016-4478 + + -- Antoine Beaupré Tue, 03 May 2016 12:33:43 -0400 + atheme-services (6.0.11-2) unstable; urgency=medium [ Antoine Beaupré ] diff -Nru atheme-services-6.0.11/debian/patches/CVE-2016-4478.patch atheme-services-6.0.11/debian/patches/CVE-2016-4478.patch --- atheme-services-6.0.11/debian/patches/CVE-2016-4478.patch 1970-01-01 00:00:00.000000000 +0000 +++ atheme-services-6.0.11/debian/patches/CVE-2016-4478.patch 2016-05-14 21:14:51.000000000 +0000 @@ -0,0 +1,22 @@ +From 87580d767868360d2fed503980129504da84b63e Mon Sep 17 00:00:00 2001 +From: Hans-Christian Esperer +Date: Sat, 9 Jan 2016 19:58:58 +0100 +Subject: [PATCH] Do not copy more bytes than were allocated + +--- + modules/transport/xmlrpc/xmlrpclib.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/modules/xmlrpc/xmlrpclib.c ++++ b/modules/xmlrpc/xmlrpclib.c +@@ -774,8 +774,9 @@ void xmlrpc_char_encode(char *outbuffer, + s->append_char(s, c); + } + } ++ s->append_char(s, 0); + +- memcpy(outbuffer, s->str, XMLRPC_BUFSIZE); ++ strncpy(outbuffer, s->str, XMLRPC_BUFSIZE); + } + + static void xmlrpc_append_char_encode(string_t *s, const char *s1) diff -Nru atheme-services-6.0.11/debian/patches/series atheme-services-6.0.11/debian/patches/series --- atheme-services-6.0.11/debian/patches/series 1970-01-01 00:00:00.000000000 +0000 +++ atheme-services-6.0.11/debian/patches/series 2016-05-14 21:14:51.000000000 +0000 @@ -0,0 +1 @@ +CVE-2016-4478.patch