1 files changed, 35 insertions, 0 deletions

diff --git a/debian/patches/CVE-2021-39275.patch b/debian/patches/CVE-2021-39275.patch
new file mode 100644
index 0000000..d489891
--- /dev/null
+++ b/debian/patches/CVE-2021-39275.patch
@@ -0,0 +1,35 @@
+Description: Backport of
+ From c69d4cc90c0e27703030b3ff09f91bf4dcbcfd51 Mon Sep 17 00:00:00 2001
+ From: Stefan Eissing <icing@apache.org>
+ Date: Tue, 10 Aug 2021 08:55:54 +0000
+ Subject: [PATCH] Merged r1892012 from trunk:
+ .
+ and
+ From ac62c7e7436560cf4f7725ee586364ce95c07804 Mon Sep 17 00:00:00 2001
+ From: Graham Leggett <minfrin@apache.org>
+ Date: Sat, 21 Aug 2021 21:35:04 +0000
+ Subject: [PATCH] Backport:
+Author: Moritz Muehlenhoff <jmm@inutil.org>
+Origin: upstream
+Forwarded: not-needed
+Last-Update: 2021-09-30
+
+--- a/server/util.c
++++ b/server/util.c
+@@ -2460,13 +2460,12 @@
+      * in front of every " that doesn't already have one.
+      */
+     while (*inchr != '\0') {
+-        if ((*inchr == '\\') && (inchr[1] != '\0')) {
+-            *outchr++ = *inchr++;
+-            *outchr++ = *inchr++;
+-        }
+         if (*inchr == '"') {
+             *outchr++ = '\\';
+         }
++        if ((*inchr == '\\') && (inchr[1] != '\0')) {
++            *outchr++ = *inchr++;
++        }
+         if (*inchr != '\0') {
+             *outchr++ = *inchr++;
+         }