Version in base suite: 1.5.6.5-3+lenny1
Version in overlay suite: (not present)
Base version: git-core_1.5.6.5-3+lenny1
Target version: git-core_1.5.6.5-3+lenny2
Base file: /org/ftp.debian.org/ftp/pool/main/g/git-core/git-core_1.5.6.5-3+lenny1.dsc
Target file: /org/ftp.debian.org/queue/p-u-new/git-core_1.5.6.5-3+lenny2.dsc
debian/diff/SA35437.diff | 36 ++++++++++++++++++++++++++++++++++++
git-core-1.5.6.5/debian/changelog | 9 +++++++++
2 files changed, 45 insertions(+)
diff -u git-core-1.5.6.5/debian/changelog git-core-1.5.6.5/debian/changelog
--- git-core-1.5.6.5/debian/changelog
+++ git-core-1.5.6.5/debian/changelog
@@ -1,3 +1,12 @@
+git-core (1:1.5.6.5-3+lenny2) stable-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Apply upstream patch (SA35437.diff) to skip extra arguments and
+ prevent infinite loop leading to denial of service attacks
+ (No CVE id yet; SA35437; Closes: #532935).
+
+ -- Nico Golde Wed, 17 Jun 2009 13:44:13 +0000
+
 git-core (1:1.5.6.5-3+lenny1) stable-security; urgency=high
 
 * debian/diff/0006-Install-templates-with-the-user-and-group...diff:
only in patch2:
unchanged:
--- git-core-1.5.6.5.orig/debian/diff/SA35437.diff
+++ git-core-1.5.6.5/debian/diff/SA35437.diff
@@ -0,0 +1,36 @@
+--- b/daemon.c 2008-08-06 23:38:47.000000000 +0000
++++ a/daemon.c 2009-06-17 13:43:23.000000000 +0000
+@@ -434,13 +434,13 @@
+ * Separate the "extra args" information as supplied by the client connection.
+ * Any resulting data is squirreled away in the given interpolation table.
+ */
+-static void parse_extra_args(struct interp *table, char *extra_args, int buflen)
++static void parse_host_arg(struct interp *table, char *extra_args, int buflen)
+ {
+ char *val;
+ int vallen;
+ char *end = extra_args + buflen;
+
+- while (extra_args < end && *extra_args) {
++ if (extra_args < end && *extra_args) {
+ saw_extended_args = 1;
+ if (strncasecmp("host=", extra_args, 5) == 0) {
+ val = extra_args + 5;
+@@ -460,6 +460,8 @@
+ /* On to the next one */
+ extra_args = val + vallen;
+ }
++ if (extra_args < end && *extra_args)
++ die("Invalid request");
+ }
+ }
+
+@@ -579,7 +581,7 @@
+ interp_set_entry(interp_table, INTERP_SLOT_PERCENT, "%");
+
+ if (len != pktlen) {
+- parse_extra_args(interp_table, line + len + 1, pktlen - len - 1);
++ parse_host_arg(interp_table, line + len + 1, pktlen - len - 1);
+ fill_in_extra_table_entries(interp_table);
+ }
+
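Review bot: The comment kept above the renamed `parse_host_arg` still says it separates the "extra args", but the new body accepts at most one `host=` argument and rejects everything else: `extra_args` only advances inside the `host=` branch, so a first argument that is not `host=`, or any data after it, reaches `die("Invalid request")`. I would reword the comment to `/* Parse the optional "host=" argument from the client; any other or additional argument is rejected with die(). */` and change "skip extra arguments" in the changelog entry to say they are rejected. The lines between the first two daemon.c hunks, where `vallen` is presumably computed, are not shown, so it cannot be confirmed from this patch that `val + vallen` and the 5-byte `strncasecmp` stay within `end` when the buffer is short or lacks a terminating NUL; that is worth checking against the full function. A regression test that sends a request carrying a non-`host=` argument and expects the connection to be refused would pin the fix.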