Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package musl

This upload fixes RC bug #781497 (CVE-2015-1817).
The debdiff is attached.


unblock musl/1.1.5-2


Thanks

Anton
diff -Nru musl-1.1.5/debian/changelog musl-1.1.5/debian/changelog
--- musl-1.1.5/debian/changelog	2014-10-15 23:05:27.000000000 +0200
+++ musl-1.1.5/debian/changelog	2015-03-31 23:12:02.000000000 +0200
@@ -1,3 +1,9 @@
+musl (1.1.5-2) unstable; urgency=low
+
+  * Fixes possible stack-based buffer overflow CVE-2015-1817 (Closes: #781497)
+
+ -- Kevin Bortis <p...@bortis.ch>  Tue, 31 Mar 2015 22:42:17 +0200
+
 musl (1.1.5-1) unstable; urgency=low
 
   [ Kevin Bortis ]
diff -Nru musl-1.1.5/debian/patches/cve-2015-1817.diff musl-1.1.5/debian/patches/cve-2015-1817.diff
--- musl-1.1.5/debian/patches/cve-2015-1817.diff	1970-01-01 01:00:00.000000000 +0100
+++ musl-1.1.5/debian/patches/cve-2015-1817.diff	2015-03-31 23:20:03.000000000 +0200
@@ -0,0 +1,36 @@
+Description: Fixes possible stack-based buffer overflow CVE-2015-1817
+Author: Kevin Bortis <p...@bortis.ch>
+Bug-Debian: http://bugs.debian.org/781497
+Last-Update: 2015-03-31
+
+--- a/src/network/inet_pton.c
++++ b/src/network/inet_pton.c
+@@ -39,14 +39,15 @@
+ 	for (i=0; ; i++) {
+ 		if (s[0]==':' && brk<0) {
+ 			brk=i;
+-			ip[i]=0;
++			ip[i&7]=0;
+ 			if (!*++s) break;
++			if (i==7) return 0;
+ 			continue;
+ 		}
+ 		for (v=j=0; j<4 && (d=hexval(s[j]))>=0; j++)
+ 			v=16*v+d;
+ 		if (j==0) return 0;
+-		ip[i] = v;
++		ip[i&7] = v;
+ 		if (!s[j] && (brk>=0 || i==7)) break;
+ 		if (i==7) return 0;
+ 		if (s[j]!=':') {
+--- a/src/regex/regcomp.c
++++ b/src/regex/regcomp.c
+@@ -847,7 +847,7 @@
+ 			} else {
+ 				/* extension: accept unknown escaped char
+ 				   as a literal */
+-				node = tre_ast_new_literal(ctx->mem, *s, *s, ctx->position);
++				goto parse_literal;
+ 			}
+ 			ctx->position++;
+ 		}
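Review bot: The regcomp.c hunk at the end of this patch file is not covered by the Description, which names only the CVE-2015-1817 stack overflow. It swaps the tre_ast_new_literal() call for `goto parse_literal;`, and the `parse_literal` label lies outside the hunk, so the backport builds only if 1.1.5's regcomp.c already defines it. Either give that change its own patch file and Description in `series`, or extend this header to say why it belongs to the fix, and add a DEP-3 `Origin:` line naming the upstream commit(s) so the backport can be audited. In the inet_pton.c hunk (the loop and the declaration of `ip` are outside the visible lines), a comment such as `/* i&7 keeps the store in bounds; over-long input is rejected by the i==7 checks */` would explain why both the mask and the new `if (i==7) return 0;` are needed.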
diff -Nru musl-1.1.5/debian/patches/series musl-1.1.5/debian/patches/series
--- musl-1.1.5/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ musl-1.1.5/debian/patches/series	2015-03-31 23:11:32.000000000 +0200
@@ -0,0 +1 @@
+cve-2015-1817.diff
