Stable update for vte
Hi,
please find attached a proposed stable update for the vte package.
vte (1:0.24.3-3) stable; urgency=low
* 01_CVE-2011-2198.patch: taken from upstream git. Fixes memory
exhaustion vulnerability. Closes: #629688, CVE-2011-2198.
Cheers,
--
.''`. Josselin Mouette
: :' :
`. `'
`-
diff -Nru vte-0.24.3/debian/changelog vte-0.24.3/debian/changelog
--- vte-0.24.3/debian/changelog 2010-11-06 12:48:41.000000000 +0100
+++ vte-0.24.3/debian/changelog 2011-08-18 16:19:09.000000000 +0200
@@ -1,3 +1,10 @@
+vte (1:0.24.3-3) stable; urgency=low
+
+ * 01_CVE-2011-2198.patch: taken from upstream git. Fixes memory
+ exhaustion vulnerability. Closes: #629688, CVE-2011-2198.
+
+ -- Josselin Mouette <joss@debian.org> Thu, 18 Aug 2011 16:17:27 +0200
+
vte (1:0.24.3-2) unstable; urgency=low
[ Emilio Pozuelo Monfort ]
diff -Nru vte-0.24.3/debian/patches/01_CVE-2011-2198.patch vte-0.24.3/debian/patches/01_CVE-2011-2198.patch
--- vte-0.24.3/debian/patches/01_CVE-2011-2198.patch 1970-01-01 01:00:00.000000000 +0100
+++ vte-0.24.3/debian/patches/01_CVE-2011-2198.patch 2011-08-18 16:19:09.000000000 +0200
@@ -0,0 +1,67 @@
+From ac71d26f067be3a21bff315c3cabf24c94360dd6 Mon Sep 17 00:00:00 2001
+From: Christian Persch <chpe@gnome.org>
+Date: Fri, 10 Jun 2011 15:31:58 +0000
+Subject: [CVE-2011-2198] Limit insert-blank-characters
+
+Bug #652124.
+---
+diff --git a/src/vteseq.c b/src/vteseq.c
+index 3fff7e8..7ef4c8c 100644
+--- a/src/vteseq.c
++++ b/src/vteseq.c
+@@ -532,9 +532,10 @@ vte_sequence_handler_offset(VteTerminal *terminal,
+
+ /* Call another function a given number of times, or once. */
+ static void
+-vte_sequence_handler_multiple(VteTerminal *terminal,
+- GValueArray *params,
+- VteTerminalSequenceHandler handler)
++vte_sequence_handler_multiple_limited(VteTerminal *terminal,
++ GValueArray *params,
++ VteTerminalSequenceHandler handler,
++ glong max)
+ {
+ long val = 1;
+ int i;
+@@ -544,13 +545,29 @@ vte_sequence_handler_multiple(VteTerminal *terminal,
+ value = g_value_array_get_nth(params, 0);
+ if (G_VALUE_HOLDS_LONG(value)) {
+ val = g_value_get_long(value);
+- val = MAX(val, 1); /* FIXME: vttest. */
++ val = CLAMP(val, 1, max); /* FIXME: vttest. */
+ }
+ }
+ for (i = 0; i < val; i++)
+ handler (terminal, NULL);
+ }
+
++static void
++vte_sequence_handler_multiple(VteTerminal *terminal,
++ GValueArray *params,
++ VteTerminalSequenceHandler handler)
++{
++ vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXLONG);
++}
++
++static void
++vte_sequence_handler_multiple_r(VteTerminal *terminal,
++ GValueArray *params,
++ VteTerminalSequenceHandler handler)
++{
++ vte_sequence_handler_multiple_limited(terminal, params, handler,
++ terminal->column_count - terminal->pvt->screen->cursor_current.col);
++}
+
+ /* Manipulate certain terminal attributes. */
+ static void
+@@ -1570,7 +1587,7 @@ vte_sequence_handler_ic (VteTerminal *terminal, GValueArray *params)
+ static void
+ vte_sequence_handler_IC (VteTerminal *terminal, GValueArray *params)
+ {
+- vte_sequence_handler_multiple(terminal, params, vte_sequence_handler_ic);
++ vte_sequence_handler_multiple_r(terminal, params, vte_sequence_handler_ic);
+ }
+
+ /* Begin insert mode. */
+--
+cgit v0.9.0.2
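Review bot: In `vte_sequence_handler_multiple_limited` the loop counter is still `int i` while the bound is `long val`, and the unlimited wrapper `vte_sequence_handler_multiple` passes `G_MAXLONG` as `max`. Where `long` is wider than `int`, a large repeat parameter can therefore run `i` into signed overflow; declaring the counter as `glong i;` removes the mismatch. Only `vte_sequence_handler_IC` is switched to the bounded `vte_sequence_handler_multiple_r`, so every other caller of `vte_sequence_handler_multiple` keeps a repeat count taken directly from terminal input; whether those handlers need their own limit cannot be judged here, because they are outside the patch and part of this function's body lies between the two inner hunks. In `vte_sequence_handler_multiple_r` the limit `terminal->column_count - terminal->pvt->screen->cursor_current.col` can presumably be zero or negative when the cursor sits at or past the last column. With GLib's `CLAMP` that yields `max` and the loop does not run, which looks intended but deserves a comment such as `/* max < 1: no room left on the line, insert nothing */`.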
diff -Nru vte-0.24.3/debian/patches/series vte-0.24.3/debian/patches/series
--- vte-0.24.3/debian/patches/series 2010-11-06 12:49:54.000000000 +0100
+++ vte-0.24.3/debian/patches/series 2011-08-18 16:19:09.000000000 +0200
@@ -1,3 +1,4 @@
+01_CVE-2011-2198.patch
25_optional-ncurses.patch
60_termcap-home-end.patch
90_autoreconf.patch