Hello,

Matthias Geiger <werdah...@riseup.net> wrote on 07/05/2024 at 00:05:36+0200:
> On Thu, 18 Apr 2024 14:40:58 +0200 Matthias Geiger
> <werdah...@riseup.net> wrote:
>
>> I have prepared a fix; however this needs the FTBFS in #997441
>> addressed first.
>>
>> Will attach a debdiff once that has happened.
>
> See attachment.
>
> best,

I've uploaded this debdiff in DELAYED/7.
Please reach out if there's any issue.

Bests,
--
PEB
diff -Nru squirrel3-3.1/debian/changelog squirrel3-3.1/debian/changelog --- squirrel3-3.1/debian/changelog 2024-04-29 23:39:09.000000000 +0200 +++ squirrel3-3.1/debian/changelog 2024-05-13 14:59:34.000000000 +0200 @@ -1,3 +1,11 @@ +squirrel3 (3.1-8.2) unstable; urgency=medium + + * Non-maintainer upload. + * Cherry-pick upstream commit as 03-fix-buffer-overflow.diff + Closes: #1014539, CVE-2022-30292 + + -- Matthias Geiger <werdah...@riseup.net> Mon, 13 May 2024 14:59:34 +0200 + squirrel3 (3.1-8.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru squirrel3-3.1/debian/patches/03-fix-buffer-overflow.diff squirrel3-3.1/debian/patches/03-fix-buffer-overflow.diff --- squirrel3-3.1/debian/patches/03-fix-buffer-overflow.diff 1970-01-01 01:00:00.000000000 +0100 +++ squirrel3-3.1/debian/patches/03-fix-buffer-overflow.diff 2024-05-13 14:59:20.000000000 +0200 @@ -0,0 +1,22 @@ +From a6413aa690e0bdfef648c68693349a7b878fe60d Mon Sep 17 00:00:00 2001 +From: Alberto Demichelis <albertodemiche...@hotmail.com> +Date: Mon, 2 May 2022 12:04:58 +0200 +Subject: [PATCH] fix in thread.call + +--- + squirrel/sqbaselib.cpp | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/squirrel/sqbaselib.cpp b/squirrel/sqbaselib.cpp +index 662aeac..e283900 100644 +--- a/squirrel/sqbaselib.cpp ++++ b/squirrel/sqbaselib.cpp +@@ -1012,6 +1012,7 @@ static SQInteger thread_call(HSQUIRRELVM v) + SQObjectPtr o = stack_get(v,1); + if(type(o) == OT_THREAD) { + SQInteger nparams = sq_gettop(v); ++ sq_reservestack(_thread(o), nparams + 3); + _thread(o)->Push(_thread(o)->_roottable); + for(SQInteger i = 2; i<(nparams+1); i++) + sq_move(_thread(o),v,i); + diff -Nru squirrel3-3.1/debian/patches/series squirrel3-3.1/debian/patches/series --- squirrel3-3.1/debian/patches/series 2024-04-29 23:33:43.000000000 +0200 +++ squirrel3-3.1/debian/patches/series 2024-05-13 14:59:20.000000000 +0200 @@ -1,2 +1,3 @@ 01-fix-spelling-errors.patch 02-sphinx-ext.patch +03-fix-buffer-overflow.diff
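Review bot: in the debian/changelog hunk, the new 3.1-8.2 entry puts CVE-2022-30292 inside the Closes: field next to the bug number; Closes: takes bug numbers only, so keep it to #1014539 and name the CVE in the item text, for example "(CVE-2022-30292) (Closes: #1014539)". The item also only says "Cherry-pick upstream commit"; saying that it fixes thread.call in squirrel/sqbaselib.cpp would let readers of the changelog see what the upload addresses without opening the patch.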
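Review bot: in the sqbaselib.cpp hunk carried by 03-fix-buffer-overflow.diff, the added "sq_reservestack(_thread(o), nparams + 3);" discards its result, so the Push of _roottable and the sq_move loop that follow run whether or not the reservation succeeded; check the result and return an error from thread_call before anything is pushed onto the target thread's stack. The "+ 3" is also unexplained, and a short comment naming the extra slots beyond nparams would make the bound reviewable. Separately, the patch header carries only the upstream From/Date/Subject lines; adding DEP-3 Origin and Bug-Debian fields that point at the upstream commit named in the From line and at #1014539 would document where the change comes from.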