tags 672455 + patch tags 672455 + pending thanks Dear maintainer,
I've prepared an NMU for openjpeg (versioned as 1.3+dfsg-4.1) and uploaded it to DELAYED/02. Please feel free to tell me if I should delay it longer. Cheers Luk
diff -u openjpeg-1.3+dfsg/debian/changelog openjpeg-1.3+dfsg/debian/changelog --- openjpeg-1.3+dfsg/debian/changelog +++ openjpeg-1.3+dfsg/debian/changelog @@ -1,3 +1,10 @@ +openjpeg (1.3+dfsg-4.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix CVE-2009-5030: Avoid memory overrun (Closes: #672455). + + -- Luk Claes <l...@debian.org> Sat, 23 Jun 2012 18:26:27 +0200 + openjpeg (1.3+dfsg-4) unstable; urgency=high * Fix FTBFS on alpha for real (Closes: #483048). diff -u openjpeg-1.3+dfsg/debian/patches/00list openjpeg-1.3+dfsg/debian/patches/00list --- openjpeg-1.3+dfsg/debian/patches/00list +++ openjpeg-1.3+dfsg/debian/patches/00list @@ -3,0 +4 @@ +33_avoid_memory_overrun.dpatch only in patch2: unchanged: --- openjpeg-1.3+dfsg.orig/debian/patches/33_avoid_memory_overrun.dpatch +++ openjpeg-1.3+dfsg/debian/patches/33_avoid_memory_overrun.dpatch @@ -0,0 +1,23 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 33_avoid_memory_overrun.dpatch by <mathieu.malate...@gmail.com> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Dont apply the -s strip flag to the shared lib debian will do it for us +## DP: where necessary +## DP: Remove unnecessary linkage on lstdc++ and lm and add missing linkage for -lm + +@DPATCH@ + +Index: ./libopenjpeg/tcd.c +=================================================================== +--- ./libopenjpeg/tcd.c ++++ ./libopenjpeg/tcd.c +@@ -332,7 +332,7 @@ + cblk->y0 = int_max(cblkystart, prc->y0); + cblk->x1 = int_min(cblkxend, prc->x1); + cblk->y1 = int_min(cblkyend, prc->y1); +- cblk->data = (unsigned char*) opj_calloc(8192+2, sizeof(unsigned char)); ++ cblk->data = (unsigned char*) opj_calloc(9728+2, sizeof(unsigned char)); + /* FIXME: mqc_init_enc and mqc_byteout underrun the buffer if we don't do this. Why? */ + cblk->data += 2; + cblk->layers = (opj_tcd_layer_t*) opj_calloc(100, sizeof(opj_tcd_layer_t));
