Bug#864366: CVE-2017-9433

To: Rene Engelhard <rene@debian.org>
Cc: 864366@bugs.debian.org, team@security.debian.org
Subject: Bug#864366: CVE-2017-9433
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Wed, 7 Jun 2017 23:54:26 +0200
Message-id: <[🔎] 20170607215426.f2zkvrms5agprzvs@pisco.westfalen.local>
Reply-to: Moritz Mühlenhoff <jmm@inutil.org>, 864366@bugs.debian.org
In-reply-to: <[🔎] 20170607210702.GD1662@rene-engelhard.de>
References: <[🔎] 149685198584.6211.18377381214549672369.reportbug@hullmann.westfalen.local> <[🔎] 20170607210702.GD1662@rene-engelhard.de>

On Wed, Jun 07, 2017 at 11:07:02PM +0200, Rene Engelhard wrote:
> Hi,
> 
> On Wed, Jun 07, 2017 at 06:13:05PM +0200, Moritz Muehlenhoff wrote:
> > Source: libmwaw
> > Severity: grave
> > Tags: security
> > 
> > Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9433
> 
> sid (and thus hopefully stretch assuming will be unblocked, see # -
> otherwise we'd need stretch-security) and experimental done.
> 
> stable diff is here:
> 
> diff -Nru libmwaw-0.3.1/debian/changelog libmwaw-0.3.1/debian/changelog
> --- libmwaw-0.3.1/debian/changelog	2014-08-07 23:53:29.000000000 +0200
> +++ libmwaw-0.3.1/debian/changelog	2017-06-07 22:47:24.000000000 +0200
> @@ -1,3 +1,9 @@
> +libmwaw (0.3.1-2+deb8u1) jessie-security; urgency=medium
> +
> +  * backport upstream patch to fix CVE-2017-9433 (closes: #864366)
> +
> + -- Rene Engelhard <rene@debian.org>  Wed, 07 Jun 2017 22:47:10 +0200
> +
>  libmwaw (0.3.1-2) unstable; urgency=low
>  
>    * upload to unstable 
> diff -Nru libmwaw-0.3.1/debian/patches/CVE-2017-9433.diff libmwaw-0.3.1/debian/patches/CVE-2017-9433.diff
> --- libmwaw-0.3.1/debian/patches/CVE-2017-9433.diff	1970-01-01 01:00:00.000000000 +0100
> +++ libmwaw-0.3.1/debian/patches/CVE-2017-9433.diff	2017-06-07 22:46:57.000000000 +0200
> @@ -0,0 +1,11 @@
> +--- a/src/lib/MsWrd1Parser.cxx
> ++++ b/src/lib/MsWrd1Parser.cxx
> +@@ -902,7 +902,7 @@
> +     int id = fIt++->second;
> +     fPos[1] = fIt==footnoteMap.end() ? m_state->m_eot : fIt->first;
> +     if (id >= int(m_state->m_footnotesList.size()))
> +-      m_state->m_footnotesList.resize(size_t(id),0);
> ++      m_state->m_footnotesList.resize(size_t(id)+1,0);
> +     m_state->m_footnotesList[size_t(id)]=fPos;
> +   }
> +   ascii().addDelimiter(input->tell(),'|');
> diff -Nru libmwaw-0.3.1/debian/patches/series libmwaw-0.3.1/debian/patches/series
> --- libmwaw-0.3.1/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
> +++ libmwaw-0.3.1/debian/patches/series	2017-06-07 22:13:15.000000000 +0200
> @@ -0,0 +1 @@
> +CVE-2017-9433.diff
> 
> Should I upload?

Please go ahead (needs -sa since orig tarball is new)

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Bug#864366: CVE-2017-9433
  - From: Rene Engelhard <rene@debian.org>

References:
- Bug#864366: CVE-2017-9433
  - From: Moritz Muehlenhoff <jmm@debian.org>
- Bug#864366: CVE-2017-9433
  - From: Rene Engelhard <rene@debian.org>

Prev by Date: Bug#864366: CVE-2017-9433
Next by Date: Bug#864366: CVE-2017-9433
Previous by thread: Bug#864366: CVE-2017-9433
Next by thread: Bug#864366: CVE-2017-9433
Index(es):
- Date
- Thread