Bug#923416: advancecomp: diff for NMU version 2.1-1.1

Sun, 17 Mar 2019 13:36:20 -0700 

Control: tags 923416 + patch
Control: tags 923416 + pending


Dear maintainer,

I've prepared an NMU for advancecomp (versioned as 2.1-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore

diff -Nru advancecomp-2.1/debian/changelog advancecomp-2.1/debian/changelog
--- advancecomp-2.1/debian/changelog	2018-02-13 09:40:50.000000000 +0100
+++ advancecomp-2.1/debian/changelog	2019-03-17 21:26:16.000000000 +0100
@@ -1,3 +1,11 @@
+advancecomp (2.1-1.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix a buffer overflow with image of invalid size (CVE-2019-9210)
+    (Closes: #923416)
+
+ -- Salvatore Bonaccorso <car...@debian.org>  Sun, 17 Mar 2019 21:26:16 +0100
+
 advancecomp (2.1-1) unstable; urgency=high
 
   * New upstream release
diff -Nru advancecomp-2.1/debian/patches/Fix-a-buffer-overflow-with-image-of-invalid-size.patch advancecomp-2.1/debian/patches/Fix-a-buffer-overflow-with-image-of-invalid-size.patch
--- advancecomp-2.1/debian/patches/Fix-a-buffer-overflow-with-image-of-invalid-size.patch	1970-01-01 01:00:00.000000000 +0100
+++ advancecomp-2.1/debian/patches/Fix-a-buffer-overflow-with-image-of-invalid-size.patch	2019-03-17 21:26:16.000000000 +0100
@@ -0,0 +1,29 @@
+From: Andrea Mazzoleni <amadva...@gmail.com>
+Date: Fri, 1 Mar 2019 20:40:25 +0100
+Subject: Fix a buffer overflow with image of invalid size
+Origin: https://github.com/amadvance/advancecomp/commit/fcf71a89265c78fc26243574dda3a872574a5c02
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-9210
+Bug-Debian: https://bugs.debian.org/923416
+Bug: https://sourceforge.net/p/advancemame/bugs/277/
+
+---
+
+diff --git a/lib/png.c b/lib/png.c
+index cbf140b2ca6d..f888a28519d5 100644
+--- a/lib/png.c
++++ b/lib/png.c
+@@ -656,6 +656,11 @@ adv_error adv_png_read_ihdr(
+ 	}
+ 	*pix_pixel = pixel;
+ 
++	if (width_align < width) {
++		error_unsupported_set("Invalid image size");
++		goto err;
++	}
++
+ 	if (data[10] != 0) { /* compression */
+ 		error_unsupported_set("Unsupported compression, %d instead of 0", (unsigned)data[10]);
+ 		goto err;
+-- 
+2.11.0
+
diff -Nru advancecomp-2.1/debian/patches/series advancecomp-2.1/debian/patches/series
--- advancecomp-2.1/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ advancecomp-2.1/debian/patches/series	2019-03-17 21:26:16.000000000 +0100
@@ -0,0 +1 @@
+Fix-a-buffer-overflow-with-image-of-invalid-size.patch

Reply via email to