Bug#864366: CVE-2017-9433
Hi,
On Wed, Jun 07, 2017 at 06:13:05PM +0200, Moritz Muehlenhoff wrote:
> Source: libmwaw
> Severity: grave
> Tags: security
>
> Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9433
sid (and thus hopefully stretch assuming will be unblocked, see # -
otherwise we'd need stretch-security) and experimental done.
stable diff is here:
diff -Nru libmwaw-0.3.1/debian/changelog libmwaw-0.3.1/debian/changelog
--- libmwaw-0.3.1/debian/changelog 2014-08-07 23:53:29.000000000 +0200
+++ libmwaw-0.3.1/debian/changelog 2017-06-07 22:47:24.000000000 +0200
@@ -1,3 +1,9 @@
+libmwaw (0.3.1-2+deb8u1) jessie-security; urgency=medium
+
+ * backport upstream patch to fix CVE-2017-9433 (closes: #864366)
+
+ -- Rene Engelhard <rene@debian.org> Wed, 07 Jun 2017 22:47:10 +0200
+
libmwaw (0.3.1-2) unstable; urgency=low
* upload to unstable
diff -Nru libmwaw-0.3.1/debian/patches/CVE-2017-9433.diff libmwaw-0.3.1/debian/patches/CVE-2017-9433.diff
--- libmwaw-0.3.1/debian/patches/CVE-2017-9433.diff 1970-01-01 01:00:00.000000000 +0100
+++ libmwaw-0.3.1/debian/patches/CVE-2017-9433.diff 2017-06-07 22:46:57.000000000 +0200
@@ -0,0 +1,11 @@
+--- a/src/lib/MsWrd1Parser.cxx
++++ b/src/lib/MsWrd1Parser.cxx
+@@ -902,7 +902,7 @@
+ int id = fIt++->second;
+ fPos[1] = fIt==footnoteMap.end() ? m_state->m_eot : fIt->first;
+ if (id >= int(m_state->m_footnotesList.size()))
+- m_state->m_footnotesList.resize(size_t(id),0);
++ m_state->m_footnotesList.resize(size_t(id)+1,0);
+ m_state->m_footnotesList[size_t(id)]=fPos;
+ }
+ ascii().addDelimiter(input->tell(),'|');
diff -Nru libmwaw-0.3.1/debian/patches/series libmwaw-0.3.1/debian/patches/series
--- libmwaw-0.3.1/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ libmwaw-0.3.1/debian/patches/series 2017-06-07 22:13:15.000000000 +0200
@@ -0,0 +1 @@
+CVE-2017-9433.diff
Should I upload?
Regards,
Rene
Reply to: