Version in base suite: 0.11.1-1.2etch1 Version in overlay suite: (not present) Base version: elinks_0.11.1-1.2etch1 Target version: elinks_0.11.1-1.2etch2 Base file: /org/ftp.debian.org/ftp/pool/main/e/elinks/elinks_0.11.1-1.2etch1.dsc Target file: /org/ftp.debian.org/queue/o-p-u-new/elinks_0.11.1-1.2etch2.dsc elinks-0.11.1/debian/changelog | 6 ++++++ src/intl/charsets.c | 24 ++++++++++++------------ 2 files changed, 18 insertions(+), 12 deletions(-) diff -u elinks-0.11.1/debian/changelog elinks-0.11.1/debian/changelog --- elinks-0.11.1/debian/changelog +++ elinks-0.11.1/debian/changelog @@ -1,3 +1,9 @@ +elinks (0.11.1-1.2etch2) oldstable-security; urgency=high + + * CVE-2008-7224 + + -- Moritz Muehlenhoff Sun, 4 Oct 2009 20:13:38 +0000 + elinks (0.11.1-1.2etch1) stable-security; urgency=high * Non-maintainer upload by The Security Team. only in patch2: unchanged: --- elinks-0.11.1.orig/src/intl/charsets.c +++ elinks-0.11.1/src/intl/charsets.c @@ -543,7 +543,17 @@ end: /* Take care of potential buffer overflow. */ if (strlen < sizeof(entity_cache[slen][0].str)) { - struct entity_cache *ece = &entity_cache[slen][nb_entity_cache[slen]]; + struct entity_cache *ece; + + /* Sort entries by hit order. */ + if (nb_entity_cache[slen] > 1) + qsort(&entity_cache[slen][0], nb_entity_cache[slen], + sizeof(entity_cache[slen][0]), (void *) hits_cmp); + + /* Increment number of cache entries if possible. + * Else, just replace the least used entry. */ + if (nb_entity_cache[slen] < ENTITY_CACHE_SIZE) nb_entity_cache[slen]++; + ece = &entity_cache[slen][nb_entity_cache[slen] - 1]; /* Copy new entry to cache. */ ece->hits = 1; 
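Review bot: The new write slot `&entity_cache[slen][nb_entity_cache[slen] - 1]` is in bounds only while the count never exceeds ENTITY_CACHE_SIZE and `slen` is a valid first index, and neither is checked in the visible lines. The increment guard added just above keeps the count capped here, but it is worth stating the invariant next to the assignment, e.g. `/* count is now in 1..ENTITY_CACHE_SIZE, so ece always points inside the row */`. Separately, the moved qsort() call keeps the `(void *) hits_cmp` cast, which hides the comparator's real type from the compiler. hits_cmp is declared outside this hunk; if it already has the `int (*)(const void *, const void *)` shape, it could be passed uncast as `sizeof(entity_cache[slen][0]), hits_cmp);`. The enclosing function starts above the hunk and continues below it.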
@@ -553,21 +563,11 @@ memcpy(ece->str, str, strlen); ece->str[strlen] = '\0'; - /* Increment number of cache entries if possible. */ - if (nb_entity_cache[slen] < ENTITY_CACHE_SIZE) nb_entity_cache[slen]++; #ifdef DEBUG_ENTITY_CACHE fprintf(stderr, "Added in [%u]: l=%d st='%s'\n", slen, entity_cache[slen][0].strlen, entity_cache[slen][0].str); -#endif - - /* Sort entries by hit order. */ - if (nb_entity_cache[slen] > 1) - qsort(&entity_cache[slen][0], nb_entity_cache[slen], - sizeof(entity_cache[slen][0]), (void *) hits_cmp); - -#ifdef DEBUG_ENTITY_CACHE { unsigned int i; @@ -578,7 +578,7 @@ entity_cache[slen][i].str); fprintf(stderr, "-----------------\n"); } -#endif +#endif /* DEBUG_ENTITY_CACHE */ } return result; }
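Review bot: The DEBUG_ENTITY_CACHE `fprintf` labelled "Added in" still prints `entity_cache[slen][0]`, which is the entry just written only when the row was previously empty. Because the sort now runs before the insert and the new entry goes into the last used slot, the trace reports a different entry from the one added. Printing through the pointer keeps the debug output truthful: `ece->strlen, ece->str);`. The `%d` specifier is applied to the `strlen` field, whose declared type is outside the hunk, so confirm the two match. The debug block's dump loop continues past the end of this hunk.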