Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian....@packages.debian.org
Usertags: pu
Hi,

I'd like to add a fix for a minor security issue in Python 2.7 as a follow-up update to what's already in spu. The debdiff is below. This is fixed in unstable in 2.7.13-4.

Cheers,
Moritz

diff -u python2.7-2.7.13/debian/changelog python2.7-2.7.13/debian/changelog --- python2.7-2.7.13/debian/changelog +++ python2.7-2.7.13/debian/changelog @@ -1,3 +1,10 @@ +python2.7 (2.7.13-2+deb9u2) stretch; urgency=medium + + * Backport c3c9db89273fabc62ea1b48389d9a3000c1c03ae to address + CVE-2017-1000158 / https://bugs.python.org/issue30657 + + -- Moritz Mühlenhoff <j...@debian.org> Fri, 24 Nov 2017 18:33:09 +0100 + python2.7 (2.7.13-2+deb9u1) stretch; urgency=medium * Non-maintainer upload with maintainer's permission diff -u python2.7-2.7.13/debian/patches/series.in python2.7-2.7.13/debian/patches/series.in --- python2.7-2.7.13/debian/patches/series.in +++ python2.7-2.7.13/debian/patches/series.in @@ -72,0 +73 @@ +CVE-2017-1000158.diff only in patch2: unchanged: --- python2.7-2.7.13.orig/debian/patches/CVE-2017-1000158.diff +++ python2.7-2.7.13/debian/patches/CVE-2017-1000158.diff
@@ -0,0 +1,29 @@ +From c3c9db89273fabc62ea1b48389d9a3000c1c03ae Mon Sep 17 00:00:00 2001 +From: Jay Bosamiya <jaybosam...@gmail.com> +Date: Sun, 18 Jun 2017 22:11:03 +0530 +Subject: [PATCH] [2.7] bpo-30657: Check & prevent integer overflow in + PyString_DecodeEscape (#2174) + +--- + Objects/stringobject.c | 8 +++++++- + 3 files changed, 11 insertions(+), 1 deletion(-) + +diff --git a/Objects/stringobject.c b/Objects/stringobject.c +index c78e19316a0..59d22e76946 100644 +--- a/Objects/stringobject.c ++++ b/Objects/stringobject.c +@@ -612,7 +612,13 @@ PyObject *PyString_DecodeEscape(const char *s, + char *p, *buf; + const char *end; + PyObject *v; +- Py_ssize_t newlen = recode_encoding ? 4*len:len; ++ Py_ssize_t newlen; ++ /* Check for integer overflow */ ++ if (recode_encoding && (len > PY_SSIZE_T_MAX / 4)) { ++ PyErr_SetString(PyExc_OverflowError, "string is too large"); ++ return NULL; ++ } ++ newlen = recode_encoding ? 4*len:len; + v = PyString_FromStringAndSize((char *)NULL, newlen); + if (v == NULL) + return NULL;
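Review bot: the debian/changelog hunk names the commit and the CVE (`* Backport c3c9db89273fabc62ea1b48389d9a3000c1c03ae to address CVE-2017-1000158 / https://bugs.python.org/issue30657`) but not what is being fixed, so whoever reviews the stretch point release has to open the patch to find out that this is an integer overflow check in PyString_DecodeEscape. Suggest saying so in the entry, e.g. `* Backport c3c9db89273fabc62ea1b48389d9a3000c1c03ae to fix an integer overflow in PyString_DecodeEscape (CVE-2017-1000158, https://bugs.python.org/issue30657)`.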
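Review bot: the series.in hunk appends `CVE-2017-1000158.diff`, but the patch file itself carries only the git format-patch headers (From/Date/Subject) and nothing that marks it as a backport or links it to the bug. For a stable update it is easier to audit if the file also gets DEP-3 `Origin: backport, c3c9db89273fabc62ea1b48389d9a3000c1c03ae` and `Bug: https://bugs.python.org/issue30657` lines, both of which are already cited in the changelog entry.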
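Review bot: the diffstat in the patch header (`3 files changed, 11 insertions(+), 1 deletion(-)`) no longer matches the backport, which carries only the `Objects/stringobject.c | 8 +++++++-` hunk (7 insertions, 1 deletion); the upstream commit's other two files were dropped without trimming the header, so either regenerate the stat or note in the header which files were left out. The guard in the hunk is otherwise right: `len` is a Py_ssize_t, so for non-negative `len` the test `len > PY_SSIZE_T_MAX / 4` rejects exactly the inputs for which `4*len` would overflow, it is only applied on the `recode_encoding` path where the multiplication happens, and it runs before `PyString_FromStringAndSize` is called. It does assume `len` is non-negative, which the hunk does not check; worth a word in the comment, which could also name the operation it protects, e.g. `/* 4*len below must not overflow Py_ssize_t */` instead of the bare `/* Check for integer overflow */`.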