diff -Nru sysstat-12.2.0/debian/changelog sysstat-12.2.0/debian/changelog --- sysstat-12.2.0/debian/changelog 2019-12-22 11:44:20.000000000 +0000 +++ sysstat-12.2.0/debian/changelog 2019-12-23 19:11:03.000000000 +0000 @@ -1,3 +1,10 @@ +sysstat (12.2.0-2) unstable; urgency=medium + + * Add 11-Double-free-in-check_file_actlst.patch, taken from upstream, + to really fix CVE-2019-19725 (closes: #946657). + + -- Robert Luberda Mon, 23 Dec 2019 20:11:03 +0100 + sysstat (12.2.0-1) unstable; urgency=medium * New upstream stable version: diff -Nru sysstat-12.2.0/debian/patches/11-Double-free-in-check_file_actlst.patch sysstat-12.2.0/debian/patches/11-Double-free-in-check_file_actlst.patch --- sysstat-12.2.0/debian/patches/11-Double-free-in-check_file_actlst.patch 1970-01-01 00:00:00.000000000 +0000 +++ sysstat-12.2.0/debian/patches/11-Double-free-in-check_file_actlst.patch 2019-12-23 19:11:03.000000000 +0000 @@ -0,0 +1,25 @@ +From: Sebastien GODARD +Date: Mon, 9 Dec 2019 17:54:07 +0100 +Subject: Fix #242: Double free in check_file_actlst() + +Avoid freeing buffer() twice. + +Signed-off-by: Sebastien GODARD + +Bugs-Debian: https://bugs.debian.org/946657 +--- + sa_common.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/sa_common.c b/sa_common.c +index de9c28a..32d1ea6 100644 +--- a/sa_common.c ++++ b/sa_common.c +@@ -2152,6 +2152,7 @@ void check_file_actlst(int *ifd, char *dfile, struct activity *act[], uint64_t f + } + + free(buffer); ++ buffer = NULL; + + /* Check that at least one activity selected by the user is available in file */ + for (i = 0; i < NR_ACT; i++) { diff -Nru sysstat-12.2.0/debian/patches/series sysstat-12.2.0/debian/patches/series --- sysstat-12.2.0/debian/patches/series 2019-12-22 11:44:20.000000000 +0000 +++ sysstat-12.2.0/debian/patches/series 2019-12-23 19:11:03.000000000 +0000 @@ -7,3 +7,4 @@ 08-scripts.patch 09-enable-colors.patch 10-ignore-ut-failures.patch +11-Double-free-in-check_file_actlst.patch