Bug#819119: jessie-pu: package libsndfile/1.0.25-9.1+deb8u1
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
Another update for no-dsa security issues, this time in libsndfile.
The patches have been used in unstable for over four months, the
extensive test suite passes and I made additional functionality tests
with the resulting build.
Debdiff below.
Cheers,
Moritz
diff -Nru libsndfile-1.0.25/debian/changelog libsndfile-1.0.25/debian/changelog
--- libsndfile-1.0.25/debian/changelog 2015-01-26 02:32:12.000000000 +0100
+++ libsndfile-1.0.25/debian/changelog 2016-03-23 22:40:07.000000000 +0100
@@ -1,3 +1,12 @@
+libsndfile (1.0.25-9.1+deb8u1) jessie; urgency=medium
+
+ * Fix denial of service through division by zero (CVE-2014-9756)
+ -> 03_file_io_divide_by_zero.diff (Closes: #804447)
+ * Fix heap overflow in AIFF parser (CVE-2015-7805)
+ -> 04_fix_aiff_heap_overflow.diff (Closes: #804445)
+
+ -- Moritz Mühlenhoff <jmm@debian.org> Wed, 23 Mar 2016 00:34:11 +0100
+
libsndfile (1.0.25-9.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
diff -Nru libsndfile-1.0.25/debian/patches/03_file_io_divide_by_zero.diff libsndfile-1.0.25/debian/patches/03_file_io_divide_by_zero.diff
--- libsndfile-1.0.25/debian/patches/03_file_io_divide_by_zero.diff 1970-01-01 01:00:00.000000000 +0100
+++ libsndfile-1.0.25/debian/patches/03_file_io_divide_by_zero.diff 2016-03-23 22:29:46.000000000 +0100
@@ -0,0 +1,22 @@
+commit 725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6
+Author: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Wed Dec 24 21:02:35 2014 +1100
+
+ src/file_io.c : Prevent potential divide-by-zero.
+
+ Closes: https://github.com/erikd/libsndfile/issues/92
+
+Index: libsndfile-1.0.25/src/file_io.c
+===================================================================
+--- libsndfile-1.0.25.orig/src/file_io.c
++++ libsndfile-1.0.25/src/file_io.c
+@@ -358,6 +358,9 @@
+ { sf_count_t total = 0 ;
+ ssize_t count ;
+
++ if (bytes == 0 || items == 0)
++ return 0 ;
++
+ if (psf->virtual_io)
+ return psf->vio.write (ptr, bytes*items, psf->vio_user_data) / bytes ;
+
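Review bot: The zero check added at the top of this function covers the `/ bytes` in the virtual-I/O return shown here, but the hunk touches only this one function at line 358 of src/file_io.c. If the read-side counterpart in the same file divides by `bytes` in the same way, it needs the same guard, and that is worth confirming before the upload. The patch header would also benefit from naming CVE-2014-9756 and the Debian bug (#804447), since the embedded commit message only references the upstream GitHub issue.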
diff -Nru libsndfile-1.0.25/debian/patches/04_fix_aiff_heap_overflow.diff libsndfile-1.0.25/debian/patches/04_fix_aiff_heap_overflow.diff
--- libsndfile-1.0.25/debian/patches/04_fix_aiff_heap_overflow.diff 1970-01-01 01:00:00.000000000 +0100
+++ libsndfile-1.0.25/debian/patches/04_fix_aiff_heap_overflow.diff 2016-03-23 22:29:53.000000000 +0100
@@ -0,0 +1,18 @@
+commit e4a75172f83894a4e821807b6d94770095ddaeff
+Author: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Mon Nov 9 22:10:35 2015 +1100
+
+diff --git a/src/common.c b/src/common.c
+index 8aadbab..543c2c8 100644
+--- a/src/common.c
++++ b/src/common.c
+@@ -805,7 +805,8 @@ header_read (SF_PRIVATE *psf, void *ptr, int bytes)
+ if (psf->headindex + bytes > SIGNED_SIZEOF (psf->header))
+ { int most ;
+
+- most = SIGNED_SIZEOF (psf->header) - psf->headindex ;
++ most = SIGNED_SIZEOF (psf->header) - psf->headend ;
++
+ psf_fread (psf->header + psf->headend, 1, most, psf) ;
+ memset ((char *) ptr + most, 0, bytes - most) ;
+
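Review bot: In header_read the enclosing test still compares `psf->headindex + bytes` against the buffer size while `most` is now derived from `psf->headend`, and nothing in the hunk checks that `most` is non-negative or no larger than `bytes` before it is used in `memset ((char *) ptr + most, 0, bytes - most)`. An explicit clamp, or a comment stating the invariant that relates headend to headindex, would make the bound easier to verify; the return value of psf_fread is also discarded here. The embedded commit header has no subject or description, so a line naming CVE-2015-7805 and the Debian bug (#804445) would make the patch file self-explanatory.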
diff -Nru libsndfile-1.0.25/debian/patches/series libsndfile-1.0.25/debian/patches/series
--- libsndfile-1.0.25/debian/patches/series 2015-01-26 02:31:39.000000000 +0100
+++ libsndfile-1.0.25/debian/patches/series 2016-03-23 22:30:30.000000000 +0100
@@ -1,3 +1,5 @@
00lossy_comp_test-overflow.diff
01_sd2_rsrc_segfault.diff
CVE-2014-9496.patch
+03_file_io_divide_by_zero.diff
+04_fix_aiff_heap_overflow.diff