Bug#864366: CVE-2017-9433

[Rene Engelhard <rene@debian.org>]

Hi,

On Wed, Jun 07, 2017 at 06:13:05PM +0200, Moritz Muehlenhoff wrote:
> Source: libmwaw
> Severity: grave
> Tags: security
> 
> Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9433

sid (and thus hopefully stretch assuming will be unblocked, see # -
otherwise we'd need stretch-security) and experimental done.

stable diff is here:

diff -Nru libmwaw-0.3.1/debian/changelog libmwaw-0.3.1/debian/changelog
--- libmwaw-0.3.1/debian/changelog	2014-08-07 23:53:29.000000000 +0200
+++ libmwaw-0.3.1/debian/changelog	2017-06-07 22:47:24.000000000 +0200
@@ -1,3 +1,9 @@
+libmwaw (0.3.1-2+deb8u1) jessie-security; urgency=medium
+
+  * backport upstream patch to fix CVE-2017-9433 (closes: #864366)
+
+ -- Rene Engelhard <rene@debian.org>  Wed, 07 Jun 2017 22:47:10 +0200
+
 libmwaw (0.3.1-2) unstable; urgency=low
 
   * upload to unstable 
diff -Nru libmwaw-0.3.1/debian/patches/CVE-2017-9433.diff libmwaw-0.3.1/debian/patches/CVE-2017-9433.diff
--- libmwaw-0.3.1/debian/patches/CVE-2017-9433.diff	1970-01-01 01:00:00.000000000 +0100
+++ libmwaw-0.3.1/debian/patches/CVE-2017-9433.diff	2017-06-07 22:46:57.000000000 +0200
@@ -0,0 +1,11 @@
+--- a/src/lib/MsWrd1Parser.cxx
++++ b/src/lib/MsWrd1Parser.cxx
+@@ -902,7 +902,7 @@
+     int id = fIt++->second;
+     fPos[1] = fIt==footnoteMap.end() ? m_state->m_eot : fIt->first;
+     if (id >= int(m_state->m_footnotesList.size()))
+-      m_state->m_footnotesList.resize(size_t(id),0);
++      m_state->m_footnotesList.resize(size_t(id)+1,0);
+     m_state->m_footnotesList[size_t(id)]=fPos;
+   }
+   ascii().addDelimiter(input->tell(),'|');
diff -Nru libmwaw-0.3.1/debian/patches/series libmwaw-0.3.1/debian/patches/series
--- libmwaw-0.3.1/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ libmwaw-0.3.1/debian/patches/series	2017-06-07 22:13:15.000000000 +0200
@@ -0,0 +1 @@
+CVE-2017-9433.diff

Should I upload?

Regards,

Rene