tags 459129 + patch thanks Hi, attached is a proposal for an NMU which includes a fix for this if you have no time for an update yourself. Please notify me in this case so i can upload.
It will be also archived on: http://people.debian.org/~nion/nmu-diff/libcdio-0.78.2+dfsg1-1_0.78.2+dfsg1-1.1.patch Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
diff -u libcdio-0.78.2+dfsg1/debian/changelog libcdio-0.78.2+dfsg1/debian/changelog
--- libcdio-0.78.2+dfsg1/debian/changelog
+++ libcdio-0.78.2+dfsg1/debian/changelog
@@ -1,3 +1,14 @@
+libcdio (0.78.2+dfsg1-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by security team.
+ * This update addresses the following security issue:
+ - CVE-2007-6613: a stack-based buffer overflow in the
+ print_iso9660_recurse function could lead to cause a denial of service
+ or arbitrary code execution if the iso-info tool is used with a crafted
+ iso image (Closes: #459129).
+
+ -- Nico Golde <[EMAIL PROTECTED]> Fri, 04 Jan 2008 14:06:57 +0100
+
libcdio (0.78.2+dfsg1-1) unstable; urgency=low
* Repack the source tarball to remove non-DFSG-free
only in patch2:
unchanged:
--- libcdio-0.78.2+dfsg1.orig/src/iso-info.c
+++ libcdio-0.78.2+dfsg1/src/iso-info.c
@@ -224,7 +224,7 @@
iso9660_stat_t *p_statbuf = _cdio_list_node_data (entnode);
char *psz_iso_name = p_statbuf->filename;
char _fullname[4096] = { 0, };
- char translated_name[MAX_ISONAME+1];
+ char *translated_name = (char *) alloca(strlen(psz_iso_name)+1);
if (yep != p_statbuf->rr.b3_rock || 1 == opts.no_rock_ridge) {
iso9660_name_translate_ext(psz_iso_name, translated_name,
only in patch2:
unchanged:
--- libcdio-0.78.2+dfsg1.orig/src/cd-info.c
+++ libcdio-0.78.2+dfsg1/src/cd-info.c
@@ -539,7 +539,7 @@
iso9660_stat_t *p_statbuf = _cdio_list_node_data (entnode);
char *psz_iso_name = p_statbuf->filename;
char _fullname[4096] = { 0, };
- char translated_name[MAX_ISONAME+1];
+ char *translated_name = (char *) alloca(strlen(psz_iso_name)+1);
if (yep != p_statbuf->rr.b3_rock || 1 == opts.no_rock_ridge) {
iso9660_name_translate_ext(psz_iso_name, translated_name,
pgplLX898pRe4.pgp
Description: PGP signature
