
libxfont: Changes to 'debian-squeeze'



 debian/changelog                                                          |    6 ++
 debian/patches/CVE-2013-XXXX-unlimited-sscanf-can-overflow-stack-bu.patch |   28 ++++++++++
 debian/patches/series                                                     |    1 
 3 files changed, 35 insertions(+)

New commits:
commit eaa97effca85c48025b44fc27c726f558cc25498
Author: Julien Cristau <jcristau@debian.org>
Date:   Thu Dec 26 21:36:54 2013 +0100

    unlimited sscanf can overflow stack buffer in bdfReadCharacters()

diff --git a/debian/changelog b/debian/changelog
index bab3e01..2e4ddb6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+libxfont (1:1.4.1-4) squeeze-security; urgency=high
+
+  * unlimited sscanf can overflow stack buffer in bdfReadCharacters()
+
+ -- Julien Cristau <jcristau@debian.org>  Thu, 26 Dec 2013 21:36:57 +0100
+
 libxfont (1:1.4.1-3) squeeze-security; urgency=high
 
   * Fix LZW decompression heap corruption (CVE-2011-2895).
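Review bot: The new 1:1.4.1-4 entry names no CVE identifier, while the 1:1.4.1-3 entry directly below it cites CVE-2011-2895 in its bullet. With urgency=high and a squeeze-security target, the bullet should carry the identifier once one is assigned, so that the upload can be matched to the advisory from the changelog alone. It would also help to name the affected file type (BDF fonts), since "bdfReadCharacters()" on its own tells an administrator little about exposure.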
diff --git a/debian/patches/CVE-2013-XXXX-unlimited-sscanf-can-overflow-stack-bu.patch b/debian/patches/CVE-2013-XXXX-unlimited-sscanf-can-overflow-stack-bu.patch
new file mode 100644
index 0000000..fa5f72d
--- /dev/null
+++ b/debian/patches/CVE-2013-XXXX-unlimited-sscanf-can-overflow-stack-bu.patch
@@ -0,0 +1,28 @@
+From b07483b605e77ea475b97d5dc829a7d5eb10a5d6 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Mon, 23 Dec 2013 18:34:02 -0800
+Subject: [PATCH:libXfont 1/2] CVE-2013-XXXX: unlimited sscanf can overflow
+ stack buffer in bdfReadCharacters()
+
+Fixes cppcheck warning:
+ [lib/libXfont/src/bitmap/bdfread.c:341]: (warning)
+  scanf without field width limits can crash with huge input data.
+
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+---
+ src/bitmap/bdfread.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: libxfont/src/bitmap/bdfread.c
+===================================================================
+--- libxfont.orig/src/bitmap/bdfread.c
++++ libxfont/src/bitmap/bdfread.c
+@@ -341,7 +341,7 @@ bdfReadCharacters(FontFilePtr file, Font
+ 	char        charName[100];
+ 	int         ignore;
+ 
+-	if (sscanf((char *) line, "STARTCHAR %s", charName) != 1) {
++	if (sscanf((char *) line, "STARTCHAR %99s", charName) != 1) {
+ 	    bdfError("bad character name in BDF file\n");
+ 	    goto BAILOUT;	/* bottom of function, free and return error */
+ 	}
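Review bot: The width in "STARTCHAR %99s" is a bare literal that has to be kept in step by hand with the declaration char charName[100]; a later change to the array size would leave the bound stale with no compiler warning. Consider a comment tying 99 to the declaration, or deriving both from one constant. Separately, with the width in place an over-long name is truncated and sscanf still returns 1, so the "bad character name in BDF file" branch is not taken for it and parsing continues with a shortened name. If such input should be rejected rather than accepted, that needs an explicit length check in addition to this bound.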
diff --git a/debian/patches/series b/debian/patches/series
index e69de29..756d521 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -0,0 +1 @@
+CVE-2013-XXXX-unlimited-sscanf-can-overflow-stack-bu.patch
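Review bot: The series entry registers only this one file, yet the patch header inside it reads "[PATCH:libXfont 1/2]", so a second patch from the same submission is not part of this upload. Please state in the changelog or the commit message whether 2/2 is left out on purpose. The file name also bakes in the CVE-2013-XXXX placeholder and is cut off at "stack-bu"; renaming it once the identifier is assigned will make it easier to find later.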

