Proposed update: gabedit/2.4.2-2+wheezy1 fixing #703965

To: debian-release@lists.debian.org
Subject: Proposed update: gabedit/2.4.2-2+wheezy1 fixing #703965
From: Daniel Leidert <daniel.leidert@wgdd.de>
Date: Mon, 29 Jul 2013 00:44:34 +0200
Message-id: <[🔎] 1375051474.7606.3.camel@haktar.debian.wgdd.de>

Hi,

I'm proposing a fix for gabedit in Wheezy. A buffer overflow has been
detected, which can be fixed with a one-liner. See these references:

http://sourceforge.net/p/gabedit/bugs/2/#f00e
http://bugs.debian.org/703965

The debdiff is attached.

Regards, Daniel

diff -Nru gabedit-2.4.2/debian/changelog gabedit-2.4.2/debian/changelog
--- gabedit-2.4.2/debian/changelog	2012-06-10 18:38:22.000000000 +0200
+++ gabedit-2.4.2/debian/changelog	2013-07-29 00:42:53.000000000 +0200
@@ -1,3 +1,11 @@
+gabedit (2.4.2-2+wheezy1) stable; urgency=low
+
+  * debian/patches/703965_fix_buffer_overflow.patch: Added.
+    - Fix buffer overflow parsing GAMESS output files (closes: #703965).
+  * debian/patches/series: Adjusted.
+
+ -- Daniel Leidert <dleidert@debian.org>  Mon, 29 Jul 2013 00:42:50 +0200
+
 gabedit (2.4.2-2) unstable; urgency=low
 
   * debian/compat: Bumped dh compatibility level to 7.
diff -Nru gabedit-2.4.2/debian/patches/703965_fix_buffer_overflow.patch gabedit-2.4.2/debian/patches/703965_fix_buffer_overflow.patch
--- gabedit-2.4.2/debian/patches/703965_fix_buffer_overflow.patch	1970-01-01 01:00:00.000000000 +0100
+++ gabedit-2.4.2/debian/patches/703965_fix_buffer_overflow.patch	2013-07-29 00:03:38.000000000 +0200
@@ -0,0 +1,17 @@
+Author: Allouche Abdul-Rahman <allouche@lasim.univ-lyon1.fr>
+Reviewed-By: Daniel Leidert <dleidert@debian.org>
+Description: Fix a buffer overflow parsing GAMESS output files.
+Origin: http://sourceforge.net/p/gabedit/bugs/2/#f00e
+Bug: http://sourceforge.net/p/gabedit/bugs/2/
+Bug-Debian: http://bugs.debian.org/703965
+
+--- a/src/Display/AnimationGeomConv.c
++++ b/src/Display/AnimationGeomConv.c
+@@ -1441,6 +1441,7 @@
+           		if (l==2) AtomCoord[0][1]=tolower(AtomCoord[0][1]);
+ 
+ 
++    			sprintf(AtomCoord[0],"%s",get_symbol_using_z(atoi(dum)));
+     			sprintf(listOfAtoms[j].symbol,"%s",AtomCoord[0]);
+     			sprintf(listOfAtoms[j].mmType,"%s",AtomCoord[0]);
+     			sprintf(listOfAtoms[j].pdbType,"%s",AtomCoord[0]);
diff -Nru gabedit-2.4.2/debian/patches/series gabedit-2.4.2/debian/patches/series
--- gabedit-2.4.2/debian/patches/series	2012-06-10 18:26:03.000000000 +0200
+++ gabedit-2.4.2/debian/patches/series	2013-07-29 00:03:38.000000000 +0200
@@ -1 +1,2 @@
+703965_fix_buffer_overflow.patch
 hardening_fix.patch

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Follow-Ups:
- Re: Proposed update: gabedit/2.4.2-2+wheezy1 fixing #703965
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Bug#718201: nmu: binNMUed M-A: same packages with changelog conflict
Next by Date: Re: Please let fonts-android migrate to testing
Previous by thread: Bug#718201: nmu: binNMUed M-A: same packages with changelog conflict
Next by thread: Re: Proposed update: gabedit/2.4.2-2+wheezy1 fixing #703965
Index(es):
- Date
- Thread