Hi SRM, I thought it would be a good idea to append a proper DEP3 header to CVE-2024-29421.patch. Revised debdiff is in the attachment.
Have a nice day, :)
--
Étienne Mollier <emoll...@debian.org>
pgp: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da
sent from /dev/pts/6, please excuse my verbosity
on air: Dream Theater - The Count Of Tuscany
diff -Nru xmedcon-0.23.0-gtk3+dfsg/debian/changelog xmedcon-0.23.0-gtk3+dfsg/debian/changelog --- xmedcon-0.23.0-gtk3+dfsg/debian/changelog 2023-02-05 19:35:32.000000000 +0100 +++ xmedcon-0.23.0-gtk3+dfsg/debian/changelog 2024-08-07 17:51:22.000000000 +0200 @@ -1,3 +1,10 @@ +xmedcon (0.23.0-gtk3+dfsg-1+deb12u1) bookworm; urgency=medium + + * Team upload. + * CVE-2024-29421.patch: new: fix CVE-2024-29421. (Closes: #1077369) + + -- Étienne Mollier <emoll...@debian.org> Wed, 07 Aug 2024 17:51:22 +0200 + xmedcon (0.23.0-gtk3+dfsg-1) unstable; urgency=medium * New upstream version diff -Nru xmedcon-0.23.0-gtk3+dfsg/debian/patches/CVE-2024-29421.patch xmedcon-0.23.0-gtk3+dfsg/debian/patches/CVE-2024-29421.patch --- xmedcon-0.23.0-gtk3+dfsg/debian/patches/CVE-2024-29421.patch 1970-01-01 01:00:00.000000000 +0100 +++ xmedcon-0.23.0-gtk3+dfsg/debian/patches/CVE-2024-29421.patch 2024-08-07 17:49:02.000000000 +0200 
@@ -0,0 +1,47 @@ +Description: Prevent overflow of value before a malloc(). + This patch includes commits a35cd9b856c23e20cc1753e36cd9228391366082 + from upstream, and 5131a648f09a82c26088b340bdd983fd09a6e19e for + additional error messaging. This fixes CVE-2024-29421. + +Author: Erik Nolf +Origin: upstream, + https://sourceforge.net/p/xmedcon/code/ci/5131a648f09a82c26088b340bdd983fd09a6e19e/, + https://sourceforge.net/p/xmedcon/code/ci/434925fca63c855dd6d24e4c018c2fa745646f9e/ +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077369 +Reviewed-by: Étienne Mollier <emoll...@debian.org> +Last-Update: 2024-08-07 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/libs/dicom/basic.c ++++ b/libs/dicom/basic.c +@@ -401,6 +401,16 @@ int dicom_load(VR vr) + if (element.vr==SQ || element.length==0xFFFFFFFF) + return 0; + ++ /* eNlf: - simply prevent length values that will overflow */ ++ /* eNlf: when we sum with an extra 4 bytes; thus preventing */ ++ /* eNlf: a heap overflow due to a small value at malloc() */ ++ /* eNlf: notified by Spike Reply Cyber Security Team */ ++ if (element.length > (0xFFFFFFFF - 4)) { ++ dicom_log(ERROR,"Unsupported element length"); ++ dicom_close(); ++ return -4; ++ } ++ + if (element.group==0xFFFE) + if (!element.encapsulated) + return 0; +@@ -499,6 +509,13 @@ int mdc_dicom_load(VR vr) + if (element.vr==SQ || element.length==0xFFFFFFFF) + return 0; + ++ /* eNlf: prevent overflowed value - see dicom_load() */ ++ if (element.length > (0xFFFFFFFF - 4)) { ++ dicom_log(ERROR,"Unsupported element length"); ++ dicom_close(); ++ return -4; ++ } ++ + if (element.group==0xFFFE) + if (!element.encapsulated) + return 0; diff -Nru xmedcon-0.23.0-gtk3+dfsg/debian/patches/series xmedcon-0.23.0-gtk3+dfsg/debian/patches/series --- xmedcon-0.23.0-gtk3+dfsg/debian/patches/series 2023-02-05 19:35:32.000000000 +0100 +++ xmedcon-0.23.0-gtk3+dfsg/debian/patches/series 2024-08-07 17:36:04.000000000 +0200 
@@ -2,3 +2,4 @@ use_debian_packaged_niftilib.patch cross.patch typos.patch +CVE-2024-29421.patch
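Review bot: the DEP-3 header of the new debian/patches/CVE-2024-29421.patch names inconsistent upstream commits: the Description says the patch "includes commits a35cd9b856c23e20cc1753e36cd9228391366082 from upstream, and 5131a648f09a82c26088b340bdd983fd09a6e19e", while the Origin field links 5131a648f09a82c26088b340bdd983fd09a6e19e and 434925fca63c855dd6d24e4c018c2fa745646f9e. One of a35cd9b... or 434925f... looks like a copy error; please make Description and Origin cite the same two commit ids so the provenance of the cherry-pick can be verified against the SourceForge URLs.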
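Review bot: in the mdc_dicom_load() hunk of libs/dicom/basic.c, the guard `if (element.length > (0xFFFFFFFF - 4))` repeats the one added to dicom_load() verbatim, and the one-line comment "prevent overflowed value - see dicom_load()" leaves the reader to look up why 4 matters. Since this is a stable update carrying upstream commits, keeping the duplication is fine, but the comment would stand on its own if it restated the reason given in the first hunk, e.g. `/* length + 4 (added before malloc) must not wrap around 32 bits */`; the literal 0xFFFFFFFF also encodes the assumption that element.length is a 32-bit field, which is worth stating in the DEP-3 Description so a future type change does not silently weaken the check.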