Version in base suite: 1.0.2-1+etch2 Version in overlay suite: (not present) Base version: dbus_1.0.2-1+etch2 Target version: dbus_1.0.2-1+etch3 Base file: /org/ftp.debian.org/ftp/pool/main/d/dbus/dbus_1.0.2-1+etch2.dsc Target file: /org/ftp.debian.org/queue/o-p-u-new/dbus_1.0.2-1+etch3.dsc dbus-1.0.2/debian/changelog | 10 ++++++ debian/patches/CVE-2009-1189.patch | 55 +++++++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+) diff -u dbus-1.0.2/debian/changelog dbus-1.0.2/debian/changelog --- dbus-1.0.2/debian/changelog +++ dbus-1.0.2/debian/changelog @@ -1,3 +1,13 @@ +dbus (1.0.2-1+etch3) oldstable-security; urgency=high + + * debian/patches/CVE-2009-1189.patch + - Security: The fix for CVE-2008-3834 was incomplete. This patch corrects + that. (Closes: #532720) + Fixes: CVE-2009-1189 + * Urgency high for the security fix. + + -- Michael Biebl Thu, 25 Jun 2009 22:12:31 +0200 + dbus (1.0.2-1+etch2) stable-security; urgency=high * Non-maintainer upload by the security team only in patch2: unchanged: --- dbus-1.0.2.orig/debian/patches/CVE-2009-1189.patch +++ dbus-1.0.2/debian/patches/CVE-2009-1189.patch 
@@ -0,0 +1,55 @@ +From 82c8109a0ab4e4711c902135c2218bc522afcc3d Mon Sep 17 00:00:00 2001 +From: Colin Walters +Date: Wed, 01 Apr 2009 16:02:00 +0000 +Subject: Bug 17803 - Fix both test case and validation logic + +The previous commit had errors in both the test case and +the validation logic. The test case was missing a trailing +comma before the previous one, so we weren't testing the +signature we thought we were. + +The validation logic was wrong because if the type was not valid, +we'd drop through the entire if clause, and thus skip returning +an error code, and accept the signature. +--- +diff --git a/dbus/dbus-marshal-validate-util.c b/dbus/dbus-marshal-validate-util.c +index 5365d6d..ac901c3 100644 +--- a/dbus/dbus-marshal-validate-util.c ++++ b/dbus/dbus-marshal-validate-util.c +@@ -227,7 +227,7 @@ _dbus_marshal_validate_test (void) + "not a valid signature", + "123", + ".", +- "(" ++ "(", + "a{(ii)i}" /* https://bugs.freedesktop.org/show_bug.cgi?id=17803 */ + }; + +diff --git a/dbus/dbus-marshal-validate.c b/dbus/dbus-marshal-validate.c +index 35998cb..ee95548 100644 +--- a/dbus/dbus-marshal-validate.c ++++ b/dbus/dbus-marshal-validate.c +@@ -246,14 +246,15 @@ _dbus_validate_signature_with_reason (const DBusString *type_str, + } + } + +- if (last == DBUS_DICT_ENTRY_BEGIN_CHAR && +- _dbus_type_is_valid (*p) && +- !dbus_type_is_basic (*p)) ++ if (last == DBUS_DICT_ENTRY_BEGIN_CHAR) + { +- result = DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE; +- goto out; ++ if (!(_dbus_type_is_valid (*p) && dbus_type_is_basic (*p))) ++ { ++ result = DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE; ++ goto out; ++ } + } +- ++ + last = *p; + ++p; + } +-- +cgit v0.8.2
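Review bot: the comma added to `"(",` in dbus/dbus-marshal-validate-util.c is the whole test-side fix, and it deserves a comment in the list: without it, C adjacent-string-literal concatenation fused `"("` and `"a{(ii)i}"` into the single literal `"(a{(ii)i}"`, which starts with an unclosed struct, so the bug-17803 signature was never checked on its own. Note too that `"a{(ii)i}"` exercises the valid-but-non-basic key case (a struct as dict key), which the old condition already rejected; the case the validation change below actually fixes, a dict entry whose key byte is not a type code at all, has no entry in this list. Suggest adding one such invalid signature (for example `"a{.i}"`, using the `.` that already appears as a standalone invalid entry) and a valid basic-keyed counterpart such as `"a{si}"` in the valid-signatures list, so the tightened check is shown to reject the new case without regressing ordinary dict entries.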
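Review bot: the rewritten condition in `_dbus_validate_signature_with_reason` is the real CVE fix and the logic is now right: the old test `_dbus_type_is_valid (*p) && !dbus_type_is_basic (*p)` only fired for a valid non-basic key, so an invalid type byte following `{` fell through the whole clause, skipped the `goto out`, and the signature was accepted; the new `if (!(_dbus_type_is_valid (*p) && dbus_type_is_basic (*p)))` rejects both the non-basic and the invalid key. Two points for the backport: the reason code DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE is now also reported for a key byte that is not a type code at all, which is misleading in diagnostics though harmless for security (a comment above the inner `if` would make the intent clear to the next reader), and the `- ` / `+ ` pair just before `last = *p;` is a whitespace-only change unrelated to the fix that could be dropped to keep the etch patch minimal.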