From 406aae5be358b82731769f79d9fffbbecc01d26c Mon Sep 17 00:00:00 2001 From: Sean Finney Date: Fri, 10 Apr 2009 14:37:01 +0200 Subject: Imported Debian patch 5.2.0-8+etch7 --- debian/changelog | 9 +++++++++ debian/patches/124-CVE-2007-1864.patch | 11 +++++++++++ 2 files changed, 20 insertions(+) create mode 100644 debian/patches/124-CVE-2007-1864.patch diff --git a/debian/changelog b/debian/changelog index d2bad8838..6821e5558 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +php5 (5.2.0-8+etch7) stable-security; urgency=low + + * An addendum to the previous security NMU, the following vulnerability + is also fixed: + - CVE-2007-1864: Buffer overflow in the bundled libxmlrpc library. + * Thanks to Joe Orton from redhat for sharing the patch. + + -- sean finney Mon, 02 Jul 2007 22:00:09 +0200 + php5 (5.2.0-8+etch6) stable-security; urgency=low * NMU prepared for the security team by the package maintainer. diff --git a/debian/patches/124-CVE-2007-1864.patch b/debian/patches/124-CVE-2007-1864.patch new file mode 100644 index 000000000..57a66fde9 --- /dev/null +++ b/debian/patches/124-CVE-2007-1864.patch @@ -0,0 +1,11 @@ +--- old/ext/xmlrpc/libxmlrpc/xml_to_soap.c 2007-06-30 14:37:52.000000000 +0200 ++++ new/ext/xmlrpc/libxmlrpc/xml_to_soap.c 2007-06-30 14:38:38.000000000 +0200 +@@ -75,7 +75,7 @@ + } + + struct array_info { +- char kids_type[30]; ++ char kids_type[128]; + unsigned long size; + /* ... ? */ + }; -- cgit v1.2.3
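Review bot: the new debian/changelog entry names the CVE but not the patch file or the source file it touches. Suggest adding the patch name (124-CVE-2007-1864.patch) and the affected path (ext/xmlrpc/libxmlrpc/xml_to_soap.c) to the CVE-2007-1864 bullet, so someone auditing the package can map the entry to the change without opening the diff. The entry also keeps urgency=low, matching the etch6 entry below it; worth confirming that is intended for a buffer overflow fix.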
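Review bot: in the struct array_info hunk of xml_to_soap.c, growing kids_type from 30 to 128 bytes raises the overflow threshold but does not by itself bound the write. The code that fills kids_type is not part of this diff, so nothing visible here shows that the copy is limited to the size of the field; if the copy is unbounded, a type string of 128 bytes or more still overruns kids_type and runs into the adjacent size member. Suggest pairing the resize with a length-limited copy at the write site, sized with sizeof on the field, and replacing the literal 128 with a named constant so the declaration and the bound cannot drift apart.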