Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian....@packages.debian.org
Usertags: pu

[ Reason ]
This fixes CVE-2021-40241 (a potential buffer overflow in reading an environment variable).

[ Tests ]
Salsa-CI Pipeline passed except reprotest (no idea what goes wrong there, maybe a bullseye problem with the pipeline):
https://salsa.debian.org/debian/xfig/-/pipelines/451502

[ Risks ]
The fix is very minimal (change sprintf to snprintf).

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
- fix for CVE-2021-40241
- Change in debian/salsa-ci.yml to build with bullseye instead of unstable

Greetings
Roland

diff -Nru xfig-3.2.8/debian/changelog xfig-3.2.8/debian/changelog --- xfig-3.2.8/debian/changelog 2021-05-20 21:14:22.000000000 +0200 +++ xfig-3.2.8/debian/changelog 2022-11-07 13:10:05.000000000 +0100 @@ -1,3 +1,10 @@ +xfig (1:3.2.8-3+deb11u1) bullseye; urgency=medium + + * 10_CVE-2021-40241: Avoid buffer overflow in LANG (CVE-2021-40241) + (Closes: #992395). + + -- Roland Rosenfeld <rol...@debian.org> Mon, 07 Nov 2022 13:10:05 +0100 + xfig (1:3.2.8-3) unstable; urgency=medium * testsuite: depend on libgs-dev, so the test does no longer randomly diff -Nru xfig-3.2.8/debian/patches/10_CVE-2021-40241.patch xfig-3.2.8/debian/patches/10_CVE-2021-40241.patch --- xfig-3.2.8/debian/patches/10_CVE-2021-40241.patch 1970-01-01 01:00:00.000000000 +0100 +++ xfig-3.2.8/debian/patches/10_CVE-2021-40241.patch 2022-11-07 13:10:05.000000000 +0100 @@ -0,0 +1,19 @@ +From: Roland Rosenfeld <rol...@debian.org> +Date: Fri, 20 Aug 2021 13:18:20 +0200 +Origin: upstream, https://sourceforge.net/p/mcj/xfig/ci/1c4e131 +Bug-Debian: https://bugs.debian.org/992395 +Bug: https://bugs.debian.org/992395 +Subject: Avoid buffer overflow in LANG. + Fixes CVE-2021-40241 + +--- a/src/w_help.c ++++ b/src/w_help.c +@@ -52,7 +52,7 @@ launch_refman(Widget w, XtPointer closur + #ifdef I18N + if (appres.international && getenv("LANG")) { + /* check localized file ($XFIGDOCDIR/html/$LANG/index.html) first */ +- sprintf(filename, "%s/html/%s/index.html", XFIGDOCDIR, getenv("LANG")); ++ snprintf(filename, PATH_MAX, "%s/html/%s/index.html", XFIGDOCDIR, getenv("LANG")); + if (!check_docfile(filename)) + sprintf(filename, "%s/html/index.html", XFIGDOCDIR); + } diff -Nru xfig-3.2.8/debian/patches/series xfig-3.2.8/debian/patches/series --- xfig-3.2.8/debian/patches/series 2021-05-20 21:14:22.000000000 +0200 +++ xfig-3.2.8/debian/patches/series 2022-11-07 13:10:05.000000000 +0100 
@@ -4,3 +4,4 @@ 07_missing-config.h.patch 08_fig-format-doc.patch 09_repair-table-doc.patch +10_CVE-2021-40241.patch diff -Nru xfig-3.2.8/debian/salsa-ci.yml xfig-3.2.8/debian/salsa-ci.yml --- xfig-3.2.8/debian/salsa-ci.yml 2021-05-20 21:14:22.000000000 +0200 +++ xfig-3.2.8/debian/salsa-ci.yml 2022-11-07 13:10:05.000000000 +0100 @@ -3,4 +3,4 @@ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml variables: - RELEASE: 'unstable' + RELEASE: 'bullseye'
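
Review bot: In the src/w_help.c hunk carried by 10_CVE-2021-40241.patch, the return value of the new snprintf call is ignored, so an over-long LANG now produces a silently truncated filename that is passed straight to check_docfile(). Suggest treating a result that is negative or >= the buffer size as "no localized file" and going directly to the unlocalized path. The declaration of filename is not visible in the hunk; if it is an array, sizeof(filename) would tie the bound to the buffer itself instead of relying on PATH_MAX matching it. The fallback on the next context line still uses sprintf; its only argument is XFIGDOCDIR, but converting it as well would keep the function consistent. LANG is also still used unfiltered as a path component, so rejecting values that contain '/' is worth considering here.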
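
Review bot: In the debian/changelog hunk, the new 1:3.2.8-3+deb11u1 entry lists only the 10_CVE-2021-40241 patch, while the same debdiff also changes RELEASE from 'unstable' to 'bullseye' in debian/salsa-ci.yml. Add a changelog line for the salsa-ci.yml change so that every change in the upload is recorded there.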