Bug#864384: unblock: libmwaw/0.3.9-2

Wed, 07 Jun 2017 13:07:13 -0700 

Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock (and age-days...) package libmwaw

Fixes a (security) bug found by fuzzing: CVE-2017-9433.
See #864366

Debdiff:

diff -Nru libmwaw-0.3.9/debian/changelog libmwaw-0.3.9/debian/changelog
--- libmwaw-0.3.9/debian/changelog      2016-11-23 22:47:03.000000000 +0100
+++ libmwaw-0.3.9/debian/changelog      2017-06-07 21:47:49.000000000 +0200
@@ -1,3 +1,9 @@
+libmwaw (0.3.9-2) unstable; urgency=medium
+
+  * apply upstream patch to fix CVE-2017-9433 (closes: #864366)
+
+ -- Rene Engelhard <r...@debian.org>  Wed, 07 Jun 2017 21:47:49 +0200
+
 libmwaw (0.3.9-1) unstable; urgency=medium
 
   * Imported Upstream version 0.3.9
diff -Nru libmwaw-0.3.9/debian/patches/CVE-2017-9433.diff 
libmwaw-0.3.9/debian/patches/CVE-2017-9433.diff
--- libmwaw-0.3.9/debian/patches/CVE-2017-9433.diff     1970-01-01 
01:00:00.000000000 +0100
+++ libmwaw-0.3.9/debian/patches/CVE-2017-9433.diff     2017-06-07 
21:47:49.000000000 +0200
@@ -0,0 +1,11 @@
+--- a/src/lib/MsWrd1Parser.cxx
++++ b/src/lib/MsWrd1Parser.cxx
+@@ -902,7 +902,7 @@
+     int id = fIt++->second;
+     fPos[1] = fIt==footnoteMap.end() ? m_state->m_eot : fIt->first;
+     if (id >= int(m_state->m_footnotesList.size()))
+-      m_state->m_footnotesList.resize(size_t(id),MWAWVec2l(0,0));
++      m_state->m_footnotesList.resize(size_t(id)+1,MWAWVec2l(0,0));
+     m_state->m_footnotesList[size_t(id)]=fPos;
+   }
+   ascii().addDelimiter(input->tell(),'|');
diff -Nru libmwaw-0.3.9/debian/patches/series 
libmwaw-0.3.9/debian/patches/series
--- libmwaw-0.3.9/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ libmwaw-0.3.9/debian/patches/series 2017-06-07 21:47:49.000000000 +0200
@@ -0,0 +1 @@
+CVE-2017-9433.diff

unblock libmwaw/0.3.9-2

Regards,

Rene

-- System Information:
Debian Release: 8.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: armhf (armv7l)

Kernel: Linux 3.18.0-trunk-rpi2 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Reply via email to