Control: tags 814067 + patch
Control: tags 814067 + pending

Hi Andrea,

I've prepared an NMU for xdelta3 (versioned as 3.0.8-dfsg-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
diff -Nru xdelta3-3.0.8-dfsg/debian/changelog xdelta3-3.0.8-dfsg/debian/changelog
--- xdelta3-3.0.8-dfsg/debian/changelog	2014-02-20 12:44:23.000000000 +0100
+++ xdelta3-3.0.8-dfsg/debian/changelog	2016-02-10 21:33:48.000000000 +0100
@@ -1,3 +1,10 @@
+xdelta3 (3.0.8-dfsg-1.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * CVE-2014-9765: buffer overflow in main_get_appheader (Closes: #814067)
+
+ -- Salvatore Bonaccorso <car...@debian.org>  Wed, 10 Feb 2016 21:33:10 +0100
+
 xdelta3 (3.0.8-dfsg-1) unstable; urgency=low
 
   * new upstream release (only minor changes)
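Review bot: the new changelog entry's `CVE-2014-9765` bullet does not name the file this upload adds under debian/patches. Wording it as "Add CVE-2014-9765.patch: buffer overflow in main_get_appheader (Closes: #814067)" would let a reader map the entry directly to the new line in debian/patches/series.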
diff -Nru xdelta3-3.0.8-dfsg/debian/patches/CVE-2014-9765.patch xdelta3-3.0.8-dfsg/debian/patches/CVE-2014-9765.patch
--- xdelta3-3.0.8-dfsg/debian/patches/CVE-2014-9765.patch	1970-01-01 01:00:00.000000000 +0100
+++ xdelta3-3.0.8-dfsg/debian/patches/CVE-2014-9765.patch	2016-02-10 21:33:48.000000000 +0100
@@ -0,0 +1,29 @@
+Description: CVE-2014-9765: buffer overflow in main_get_appheader
+Origin: upstream, https://github.com/jmacd/xdelta/commit/969e65d3a5d70442f5bafd726bcef47a0b48edd8
+Bug-Debian: https://bugs.debian.org/814067
+Forwarded: not-needed
+Author: "josh.macdonald" <jm...@users.noreply.github.com>
+Reviewed-by: Salvatore Bonaccorso <car...@debian.org>
+Last-Update: 2016-02-10
+Applied-Upstream: 3.0.9
+
+--- a/xdelta3-main.h
++++ b/xdelta3-main.h
+@@ -2810,14 +2810,15 @@ main_get_appheader (xd3_stream *stream,
+ 
+   if (appheadsz > 0)
+     {
++      const int kMaxArgs = 4;
+       char *start = (char*)apphead;
+       char *slash;
+       int   place = 0;
+-      char *parsed[4];
++      char *parsed[kMaxArgs];
+ 
+       memset (parsed, 0, sizeof (parsed));
+ 
+-      while ((slash = strchr (start, '/')) != NULL)
++      while ((slash = strchr (start, '/')) != NULL && place < (kMaxArgs-1))
+ 	{
+ 	  *slash = 0;
+ 	  parsed[place++] = start;
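Review bot: in the `xdelta3-main.h` change, `char *parsed[kMaxArgs];` sized by `const int kMaxArgs = 4;` becomes a variable-length array wherever this header is compiled as C, because a `const int` is not an integer constant expression there. An `enum { kMaxArgs = 4 };` or a `#define` would keep `parsed` a fixed-size array and `sizeof (parsed)` a compile-time value. The new loop condition `place < (kMaxArgs-1)` also deserves a short comment saying why the bound is one less than the array size, since the code after the loop that uses the remaining slot is not visible in this hunk. With this bound, an app header containing more `/` separators than expected is no longer split past the third field, so it is worth confirming that the code following the loop handles the unsplit remainder, or rejecting such headers explicitly.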
diff -Nru xdelta3-3.0.8-dfsg/debian/patches/series xdelta3-3.0.8-dfsg/debian/patches/series
--- xdelta3-3.0.8-dfsg/debian/patches/series	2013-06-16 20:12:44.000000000 +0200
+++ xdelta3-3.0.8-dfsg/debian/patches/series	2016-02-10 21:33:48.000000000 +0100
@@ -3,3 +3,4 @@
 printf_uint64
 Q_not_u
 manpage_lzma
+CVE-2014-9765.patch
