Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
Getting there, promise.
Cheers,
Julien
diff -u libxvmc-1.0.8/debian/changelog libxvmc-1.0.8/debian/changelog
--- libxvmc-1.0.8/debian/changelog
+++ libxvmc-1.0.8/debian/changelog
@@ -1,3 +1,9 @@
+libxvmc (2:1.0.8-2+deb8u1) jessie; urgency=medium
+
+ * Avoid buffer underflow on empty strings (CVE-2016-7953)
+
+ -- Julien Cristau <jcristau@debian.org> Sat, 07 Jan 2017 16:34:22 +0100
+
libxvmc (2:1.0.8-2) unstable; urgency=low
* Link libXvMCW.so against -ldl (closes: #610592)
only in patch2:
unchanged:
--- libxvmc-1.0.8.orig/src/XvMC.c
+++ libxvmc-1.0.8/src/XvMC.c
@@ -587,9 +587,9 @@
if (*name && *busID && tmpBuf) {
_XRead(dpy, tmpBuf, realSize);
strncpy(*name,tmpBuf,rep.nameLen);
- (*name)[rep.nameLen - 1] = '\0';
+ (*name)[rep.nameLen == 0 ? 0 : rep.nameLen - 1] = '\0';
strncpy(*busID,tmpBuf+rep.nameLen,rep.busIDLen);
- (*busID)[rep.busIDLen - 1] = '\0';
+ (*busID)[rep.busIDLen == 0 ? 0 : rep.busIDLen - 1] = '\0';
XFree(tmpBuf);
} else {
XFree(*name);
Attachment:
signature.asc
Description: PGP signature