Bug#864384: unblock: libmwaw/0.3.9-2
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock (and age-days...) package libmwaw
Fixes a (security) bug found by fuzzing: CVE-2017-9433.
See #864366
Debdiff:
diff -Nru libmwaw-0.3.9/debian/changelog libmwaw-0.3.9/debian/changelog
--- libmwaw-0.3.9/debian/changelog 2016-11-23 22:47:03.000000000 +0100
+++ libmwaw-0.3.9/debian/changelog 2017-06-07 21:47:49.000000000 +0200
@@ -1,3 +1,9 @@
+libmwaw (0.3.9-2) unstable; urgency=medium
+
+ * apply upstream patch to fix CVE-2017-9433 (closes: #864366)
+
+ -- Rene Engelhard <rene@debian.org> Wed, 07 Jun 2017 21:47:49 +0200
+
libmwaw (0.3.9-1) unstable; urgency=medium
* Imported Upstream version 0.3.9
diff -Nru libmwaw-0.3.9/debian/patches/CVE-2017-9433.diff libmwaw-0.3.9/debian/patches/CVE-2017-9433.diff
--- libmwaw-0.3.9/debian/patches/CVE-2017-9433.diff 1970-01-01 01:00:00.000000000 +0100
+++ libmwaw-0.3.9/debian/patches/CVE-2017-9433.diff 2017-06-07 21:47:49.000000000 +0200
@@ -0,0 +1,11 @@
+--- a/src/lib/MsWrd1Parser.cxx
++++ b/src/lib/MsWrd1Parser.cxx
+@@ -902,7 +902,7 @@
+ int id = fIt++->second;
+ fPos[1] = fIt==footnoteMap.end() ? m_state->m_eot : fIt->first;
+ if (id >= int(m_state->m_footnotesList.size()))
+- m_state->m_footnotesList.resize(size_t(id),MWAWVec2l(0,0));
++ m_state->m_footnotesList.resize(size_t(id)+1,MWAWVec2l(0,0));
+ m_state->m_footnotesList[size_t(id)]=fPos;
+ }
+ ascii().addDelimiter(input->tell(),'|');
diff -Nru libmwaw-0.3.9/debian/patches/series libmwaw-0.3.9/debian/patches/series
--- libmwaw-0.3.9/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ libmwaw-0.3.9/debian/patches/series 2017-06-07 21:47:49.000000000 +0200
@@ -0,0 +1 @@
+CVE-2017-9433.diff
unblock libmwaw/0.3.9-2
Regards,
Rene
-- System Information:
Debian Release: 8.8
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: armhf (armv7l)
Kernel: Linux 3.18.0-trunk-rpi2 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Reply to: