diff -Nru confuse-2.7/debian/changelog confuse-2.7/debian/changelog
--- confuse-2.7/debian/changelog 2014-05-25 19:56:25.000000000 +0000
+++ confuse-2.7/debian/changelog 2018-08-30 15:45:36.000000000 +0000
@@ -1,3 +1,18 @@
+confuse (2.7-5+deb8u1build0.16.04.1) xenial-security; urgency=medium
+
+ * fake sync from Debian
+
+ -- Mike Salvatore Thu, 30 Aug 2018 11:45:36 -0400
+
+confuse (2.7-5+deb8u1) jessie-security; urgency=medium
+
+ * Non-maintainer upload for the LTS team.
+ * Add debian/patches/CVE-2018-14447.patch from upstream to fix
+ an out of bound read in trim_whitespace (CVE-2018-14447). Closes:
+ #904159. Thanks to Sebastian Roland for the patch.
+
+ -- Holger Levsen Sat, 18 Aug 2018 22:32:47 +0200
+
 confuse (2.7-5) unstable; urgency=low
 
 * Switch to dpkg-source 3.0 (quilt) format.
diff -Nru confuse-2.7/debian/patches/CVE-2018-14447.patch confuse-2.7/debian/patches/CVE-2018-14447.patch
--- confuse-2.7/debian/patches/CVE-2018-14447.patch 1970-01-01 00:00:00.000000000 +0000
+++ confuse-2.7/debian/patches/CVE-2018-14447.patch 2018-08-18 18:14:56.000000000 +0000
@@ -0,0 +1,19 @@
+commit f2bfb905f2b8c1e8f20a608768ebf49d3a5a6d0b
+Author: Sebastian Roland
+Date: Sun Aug 12 09:56:36 2018 +0200
+
+ Fixes #109
+
+Index: confuse-2.7/src/lexer.l
+===================================================================
+--- confuse-2.7.orig/src/lexer.l
++++ confuse-2.7/src/lexer.l
+@@ -322,7 +322,7 @@ static void qputc(char ch)
+ {
+ if(qstring_index >= qstring_len) {
+ qstring_len += CFG_QSTRING_BUFSIZ;
+- cfg_qstring = (char *)realloc(cfg_qstring, qstring_len);
++ cfg_qstring = (char *)realloc(cfg_qstring, qstring_len + 1);
+ assert(cfg_qstring);
+ memset(cfg_qstring + qstring_index, 0, CFG_QSTRING_BUFSIZ);
+ }
diff -Nru confuse-2.7/debian/patches/series confuse-2.7/debian/patches/series
--- confuse-2.7/debian/patches/series 2014-05-25 19:56:16.000000000 +0000
+++ confuse-2.7/debian/patches/series 2018-08-18 18:13:13.000000000 +0000
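Review bot: The extra byte this fix allocates in qputc() (debian/patches/CVE-2018-14447.patch) appears never to be zeroed: the realloc now asks for `qstring_len + 1`, but the unchanged `memset(cfg_qstring + qstring_index, 0, CFG_QSTRING_BUFSIZ);` still clears only CFG_QSTRING_BUFSIZ bytes, so when a quoted string fills the buffer exactly, the byte meant to act as terminator holds whatever the heap had there. Clearing it too would make the termination guarantee explicit: `memset(cfg_qstring + qstring_index, 0, CFG_QSTRING_BUFSIZ + 1);`. Separately, `assert(cfg_qstring)` is the only allocation check; it compiles away under NDEBUG, and assigning realloc's result straight to `cfg_qstring` loses the old buffer on failure, so a temporary plus a real NULL check would be safer. The rest of qputc() and trim_whitespace, where the changelog places the out-of-bounds read, lie outside the hunk, so whether other code writes that terminator cannot be confirmed from here.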
@@ -1,2 +1,3 @@
 01-german-translation.patch
 02-doxygen-dotfont.patch
+CVE-2018-14447.patch