Version in base suite: 8.01-5
Version in overlay suite: 8.01-6
Base version: gs-gpl_8.01-5
Target version: gs-gpl_8.01-6
Base file: /org/ftp.debian.org/ftp/pool/main/g/gs-gpl/gs-gpl_8.01-5.dsc
Target file: /org/ftp.debian.org/ftp/pool/main/g/gs-gpl/gs-gpl_8.01-6.dsc
diff -u gs-gpl-8.01/debian/patches/00list gs-gpl-8.01/debian/patches/00list
--- gs-gpl-8.01/debian/patches/00list
+++ gs-gpl-8.01/debian/patches/00list
@@ -13,0 +14 @@
+24_CVE-2008-0411
diff -u gs-gpl-8.01/debian/changelog gs-gpl-8.01/debian/changelog
--- gs-gpl-8.01/debian/changelog
+++ gs-gpl-8.01/debian/changelog
@@ -1,3 +1,9 @@
+gs-gpl (8.01-6) oldstable-security; urgency=high
+
+ * Fix CVE-2008-0411
+
+ -- Moritz Muehlenhoff Wed, 20 Feb 2008 00:49:36 +0100
+
 gs-gpl (8.01-5) unstable; urgency=high
 
 * [NEWS] added a note on CJK TTF support.
only in patch2:
unchanged:
--- gs-gpl-8.01.orig/debian/patches/24_CVE-2008-0411.dpatch
+++ gs-gpl-8.01/debian/patches/24_CVE-2008-0411.dpatch
@@ -0,0 +1,30 @@
+#! /bin/sh -e
+
+if [ $# -ne 1 ]; then
+ echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+ exit 1
+fi
+case "$1" in
+ -patch) patch -f --no-backup-if-mismatch --dry-run -p1 < $0 && patch -f --no-backup-if-mismatch -p1 < $0
+;;
+ -unpatch) patch -f --no-backup-if-mismatch -R -p1 < $0;;
+ *)
+ echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+ exit 1;;
+esac
+
+exit 0
+
+diff -Naur gs-esp-8.15.3.dfsg.1.orig/src/zicc.c gs-esp-8.15.3.dfsg.1/src/zicc.c
+--- gs-esp-8.15.3.dfsg.1.orig/src/zicc.c 2005-01-19 05:08:41.000000000 +0100
++++ gs-gpl-8.01/src/zicc.c 2008-02-14 11:33:08.000000000 +0100
+@@ -80,6 +80,9 @@
+ dict_find_string(op, "N", &pnval);
+ ncomps = pnval->value.intval;
+
++ if (2*ncomps > sizeof(range_buff)/sizeof(float))
++ return_error(e_rangecheck);
++
+ /* verify the DataSource entry */
+ if (dict_find_string(op, "DataSource", &pstrmval) <= 0)
+ return_error(e_undefined);
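Review bot: The bound check added to zicc.c computes `2*ncomps` in what appears to be signed arithmetic and then compares it with an unsigned `sizeof` quotient, so a negative N is rejected only as a side effect of the implicit conversion, and a very large N can overflow the multiplication before the comparison is made. Dividing the limit instead of multiplying the input avoids both problems: `if (ncomps < 0 || ncomps > (int)(sizeof(range_buff) / sizeof(float) / 2)) return_error(e_rangecheck);`. The context lines just above also show that the result of `dict_find_string(op, "N", &pnval)` is ignored and `pnval->value.intval` is read without a type check, which this patch leaves as is. The declarations of `ncomps` and `range_buff` and the rest of the function lie outside the hunk, so the exact types should be confirmed against the full source.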