
Bug#776733: unblock: libsndfile/1.0.25-9.1



Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock
Severity: normal

Please consider unblocking libsndfile.  It fixes buffer overrun issues
(bug #774162).

unblock libsndfile/1.0.25-9.1
diff -Nru libsndfile-1.0.25/debian/changelog libsndfile-1.0.25/debian/changelog
--- libsndfile-1.0.25/debian/changelog	2014-01-29 19:43:08.000000000 +0000
+++ libsndfile-1.0.25/debian/changelog	2015-01-06 01:19:30.000000000 +0000
@@ -1,3 +1,10 @@
+libsndfile (1.0.25-9.1) unstable; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fix CVE-2014-9496: buffer overread issues (closes: #774162).
+
+ -- Michael Gilbert <mgilbert@debian.org>  Sun, 04 Jan 2015 20:38:25 +0000
+
 libsndfile (1.0.25-9) unstable; urgency=low
 
   * debian/rules: Switch from autotools-dev to dh-autoreconf.
diff -Nru libsndfile-1.0.25/debian/patches/CVE-2014-9496.patch libsndfile-1.0.25/debian/patches/CVE-2014-9496.patch
--- libsndfile-1.0.25/debian/patches/CVE-2014-9496.patch	1970-01-01 00:00:00.000000000 +0000
+++ libsndfile-1.0.25/debian/patches/CVE-2014-9496.patch	2015-01-06 01:19:50.000000000 +0000
@@ -0,0 +1,31 @@
+description: fix buffer overread issues
+origin: https://github.com/erikd/libsndfile/commit/dbe14f00030af5d3577f4cabbf9861db59e9c378
+
+--- a/src/sd2.c
++++ b/src/sd2.c
+@@ -513,6 +513,11 @@ sd2_parse_rsrc_fork (SF_PRIVATE *psf)
+ 
+ 	rsrc.type_offset = rsrc.map_offset + 30 ;
+ 
++	if (rsrc.map_offset + 28 > rsrc.rsrc_len)
++	{       psf_log_printf (psf, "Bad map offset.\n") ;
++		goto parse_rsrc_fork_cleanup ;
++		} ;
++
+ 	rsrc.type_count = read_rsrc_short (&rsrc, rsrc.map_offset + 28) + 1 ;
+ 	if (rsrc.type_count < 1)
+ 	{	psf_log_printf (psf, "Bad type count.\n") ;
+@@ -529,7 +534,12 @@ sd2_parse_rsrc_fork (SF_PRIVATE *psf)
+ 
+ 	rsrc.str_index = -1 ;
+ 	for (k = 0 ; k < rsrc.type_count ; k ++)
+-	{	marker = read_rsrc_marker (&rsrc, rsrc.type_offset + k * 8) ;
++	{       if (rsrc.type_offset + k * 8 > rsrc.rsrc_len)
++		{       psf_log_printf (psf, "Bad rsrc marker.\n") ;
++			goto parse_rsrc_fork_cleanup ;
++			} ;
++
++		marker = read_rsrc_marker (&rsrc, rsrc.type_offset + k * 8) ;
+ 
+ 		if (marker == STR_MARKER)
+ 		{	rsrc.str_index = k ;
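Review bot: The two added bounds checks in sd2_parse_rsrc_fork compare only the starting offset against rsrc.rsrc_len with `>`, so an offset equal to or just below rsrc_len still passes and the read that follows can run past the end of the resource data. If read_rsrc_short reads two bytes and read_rsrc_marker four (their definitions are outside this diff), the checks should cover the end of each read, e.g. `if (rsrc.map_offset + 30 > rsrc.rsrc_len)` and `if (rsrc.type_offset + k * 8 + 4 > rsrc.rsrc_len)`. The offsets appear to be taken from the parsed file, and neither check rejects a negative value or an addition that overflows, so confirm that this is validated elsewhere in the function. The body of sd2_parse_rsrc_fork starts and ends outside both inner hunks, so any earlier validation is not visible here.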
diff -Nru libsndfile-1.0.25/debian/patches/series libsndfile-1.0.25/debian/patches/series
--- libsndfile-1.0.25/debian/patches/series	2014-01-29 19:43:08.000000000 +0000
+++ libsndfile-1.0.25/debian/patches/series	2015-01-06 01:19:14.000000000 +0000
@@ -1,2 +1,3 @@
 00lossy_comp_test-overflow.diff
 01_sd2_rsrc_segfault.diff
+CVE-2014-9496.patch
