Bug#906042: stretch-pu: package libxcursor/1:1.1.14-1+deb9u2

To: submit@bugs.debian.org
Subject: Bug#906042: stretch-pu: package libxcursor/1:1.1.14-1+deb9u2
From: Chris Lamb <lamby@debian.org>
Date: Mon, 13 Aug 2018 15:26:27 +0100
Message-id: <[🔎] 1534170387.1420721.1472500432.38DD19BC@webmail.messagingengine.com>
Reply-to: Chris Lamb <lamby@debian.org>, 906042@bugs.debian.org

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

Dear stable release manager,

Please consider libxcursor (1:1.1.14-1+deb9u2) for stretch:
  
  libxcursor (1:1.1.14-1+deb9u2) stretch; urgency=high
  
    * Fix a denial of service or potentially code execution via
      a one-byte heap overflow. (CVE-2015-9262) Closes: #906012)


The full diff is attached.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

diff --git a/debian/changelog b/debian/changelog
index a0673f8..ac26e16 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+libxcursor (1:1.1.14-1+deb9u2) stretch; urgency=high
+
+  * Fix a denial of service or potentially code execution via
+    a one-byte heap overflow. (CVE-2015-9262) Closes: #906012)
+
+ -- Chris Lamb <lamby@debian.org>  Mon, 13 Aug 2018 09:09:13 +0200
+
 libxcursor (1:1.1.14-1+deb9u1) stretch-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
diff --git a/debian/patches/CVE-2015-9262.patch b/debian/patches/CVE-2015-9262.patch
new file mode 100644
index 0000000..1191b93
--- /dev/null
+++ b/debian/patches/CVE-2015-9262.patch
@@ -0,0 +1,23 @@
+commit 897213f36baf6926daf6d192c709cf627aa5fd05
+Author: shubham shrivastav <shubham.sh@samsung.com>
+Date:   Fri Jun 5 13:36:22 2015 -0700
+
+    Insufficient memory for terminating null of string in _XcursorThemeInherits
+
+    Fix does one byte of memory allocation for null termination of string.
+    https://bugs.freedesktop.org/show_bug.cgi?id=90857
+
+    Reviewed-by: Keith Packard <keithp@keithp.com>
+    Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+--- libxcursor-1.1.14.orig/src/library.c
++++ libxcursor-1.1.14/src/library.c
+@@ -180,7 +180,7 @@ _XcursorThemeInherits (const char *full)
+ 		if (*l != '=') continue;
+ 		l++;
+ 		while (*l == ' ') l++;
+-		result = malloc (strlen (l));
++		result = malloc (strlen (l) + 1);
+ 		if (result)
+ 		{
+ 		    r = result;
diff --git a/debian/patches/series b/debian/patches/series
index b5ab2b3..6570382 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
+CVE-2015-9262.patch
 Fix-heap-overflows-when-parsing-malicious-files.-CVE.patch

Reply to:

Follow-Ups:
- Bug#906042: stretch-pu: package libxcursor/1:1.1.14-1+deb9u2
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Processed: Re: stretch-pu: package libxcursor/1:1.1.14-1+deb9u2
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#906042: stretch-pu: package libxcursor/1:1.1.14-1+deb9u2
  - From: Chris Lamb <lamby@debian.org>
- Processed: Re: Bug#906042: stretch-pu: package libxcursor/1:1.1.14-1+deb9u2
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Processed: Re: Bug#906042: stretch-pu: package libxcursor/1:1.1.14-1+deb9u2
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Processed: libxcursor 1.1.14-1+deb9u2 flagged for acceptance
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#906042: libxcursor 1.1.14-1+deb9u2 flagged for acceptance
  - From: Adam D Barratt <adam@adam-barratt.org.uk>
- Processed: libxcursor 1.1.14-1+deb9u2 flagged for acceptance
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Missing thunar transition
Next by Date: Re: Missing thunar transition
Previous by thread: Re: Missing thunar transition
Next by thread: Bug#906042: stretch-pu: package libxcursor/1:1.1.14-1+deb9u2
Index(es):
- Date
- Thread