Version in base suite: 0.52.2-11.3 Version in overlay suite: (not present) Base version: newt_0.52.2-11.3 Target version: newt_0.52.2-11.3+lenny1 Base file: /org/ftp.debian.org/ftp/pool/main/n/newt/newt_0.52.2-11.3.dsc Target file: /org/ftp.debian.org/queue/p-u-new/newt_0.52.2-11.3+lenny1.dsc debian/patches/600_CVE-2009-2905.patch | 11 +++++++++++ newt-0.52.2/debian/changelog | 8 ++++++++ 2 files changed, 19 insertions(+) diff -u newt-0.52.2/debian/changelog newt-0.52.2/debian/changelog --- newt-0.52.2/debian/changelog +++ newt-0.52.2/debian/changelog @@ -1,3 +1,11 @@ +newt (0.52.2-11.3+lenny1) stable-security; urgency=high + + * Non-maintainer upload by the security team + * Include patch to fix buffer overflow in content processing code + Fixes: CVE-2009-2905 + + -- Steffen Joeris Tue, 22 Sep 2009 06:50:23 +0000 + newt (0.52.2-11.3) unstable; urgency=low * NMU only in patch2: unchanged: --- newt-0.52.2.orig/debian/patches/600_CVE-2009-2905.patch +++ newt-0.52.2/debian/patches/600_CVE-2009-2905.patch @@ -0,0 +1,11 @@ +--- textbox.c.old 2009-09-22 11:31:37.000000000 +0000 ++++ newt-0.52.2/textbox.c 2009-09-22 11:31:47.000000000 +0000 +@@ -177,7 +177,7 @@ + + if (resultPtr) { + /* XXX I think this will work */ +- result = malloc(strlen(text) + (strlen(text) / width) + 2); ++ result = malloc(strlen(text) + (strlen(text) / (width - 1)) + 2); + *result = '\0'; + } +
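Review bot: The new debian/changelog entry describes the fix only as "buffer overflow in content processing code" and names neither the source file changed (textbox.c) nor the patch file added (debian/patches/600_CVE-2009-2905.patch). Naming both in the bullet would let someone reading the changelog locate the fix without opening the diff.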
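Review bot: In the textbox.c hunk of 600_CVE-2009-2905.patch, the new divisor `(width - 1)` is zero when width is 1 and negative when width is below 1, and nothing in the visible lines guards against that, so the size calculation passed to malloc can divide by zero. Suggest validating width before this line, or clamping the divisor to at least 1. Two smaller points on the same hunk: the unchanged line `*result = '\0';` dereferences the malloc result with no NULL check, and the `/* XXX I think this will work */` comment is left in place; replacing it with a sentence stating why the divisor is width - 1 would document the sizing assumption this fix corrects.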