Bug#864384: unblock: libmwaw/0.3.9-2

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#864384: unblock: libmwaw/0.3.9-2
From: Rene Engelhard <rene@debian.org>
Date: Wed, 7 Jun 2017 22:03:04 +0200
Message-id: <[🔎] 20170607200304.GA23330@rene-engelhard.de>
Reply-to: Rene Engelhard <rene@debian.org>, 864384@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock (and age-days...) package libmwaw

Fixes a (security) bug found by fuzzing: CVE-2017-9433.
See #864366

Debdiff:

diff -Nru libmwaw-0.3.9/debian/changelog libmwaw-0.3.9/debian/changelog
--- libmwaw-0.3.9/debian/changelog	2016-11-23 22:47:03.000000000 +0100
+++ libmwaw-0.3.9/debian/changelog	2017-06-07 21:47:49.000000000 +0200
@@ -1,3 +1,9 @@
+libmwaw (0.3.9-2) unstable; urgency=medium
+
+  * apply upstream patch to fix CVE-2017-9433 (closes: #864366)
+
+ -- Rene Engelhard <rene@debian.org>  Wed, 07 Jun 2017 21:47:49 +0200
+
 libmwaw (0.3.9-1) unstable; urgency=medium
 
   * Imported Upstream version 0.3.9
diff -Nru libmwaw-0.3.9/debian/patches/CVE-2017-9433.diff libmwaw-0.3.9/debian/patches/CVE-2017-9433.diff
--- libmwaw-0.3.9/debian/patches/CVE-2017-9433.diff	1970-01-01 01:00:00.000000000 +0100
+++ libmwaw-0.3.9/debian/patches/CVE-2017-9433.diff	2017-06-07 21:47:49.000000000 +0200
@@ -0,0 +1,11 @@
+--- a/src/lib/MsWrd1Parser.cxx
++++ b/src/lib/MsWrd1Parser.cxx
+@@ -902,7 +902,7 @@
+     int id = fIt++->second;
+     fPos[1] = fIt==footnoteMap.end() ? m_state->m_eot : fIt->first;
+     if (id >= int(m_state->m_footnotesList.size()))
+-      m_state->m_footnotesList.resize(size_t(id),MWAWVec2l(0,0));
++      m_state->m_footnotesList.resize(size_t(id)+1,MWAWVec2l(0,0));
+     m_state->m_footnotesList[size_t(id)]=fPos;
+   }
+   ascii().addDelimiter(input->tell(),'|');
diff -Nru libmwaw-0.3.9/debian/patches/series libmwaw-0.3.9/debian/patches/series
--- libmwaw-0.3.9/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ libmwaw-0.3.9/debian/patches/series	2017-06-07 21:47:49.000000000 +0200
@@ -0,0 +1 @@
+CVE-2017-9433.diff

unblock libmwaw/0.3.9-2

Regards,

Rene

-- System Information:
Debian Release: 8.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: armhf (armv7l)

Kernel: Linux 3.18.0-trunk-rpi2 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Reply to:

Follow-Ups:
- Bug#864384: marked as done (unblock: libmwaw/0.3.9-2)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Processed: Re: Bug#864373: unblock: ycmd/0+20161219+git486b809-2.1
Next by Date: Bug#864373: marked as done (unblock: ycmd/0+20161219+git486b809-2.1)
Previous by thread: Bug#864383: marked as done (unblock: libp11-openssl1.1/0.4.4-4)
Next by thread: Bug#864384: marked as done (unblock: libmwaw/0.3.9-2)
Index(es):
- Date
- Thread