Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: secur...@debian.org, Dirk Eddelbuettel <e...@debian.org>

  * CVE-2020-35357: buffer overflow when calculating the quantile value
    (Closes: #1052655)
diffstat for gsl-2.7.1+dfsg gsl-2.7.1+dfsg

 changelog                            |    8 +++
 patches/0001-fix-for-bug-59624.patch |   72 +++++++++++++++++++++++++++++++++++
 patches/series                       |    1 
 3 files changed, 81 insertions(+)

diff -Nru gsl-2.7.1+dfsg/debian/changelog gsl-2.7.1+dfsg/debian/changelog
--- gsl-2.7.1+dfsg/debian/changelog     2023-06-02 23:21:26.000000000 +0300
+++ gsl-2.7.1+dfsg/debian/changelog     2024-12-07 18:20:21.000000000 +0200
@@ -1,3 +1,11 @@
+gsl (2.7.1+dfsg-5+deb12u1) bookworm; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2020-35357: buffer overflow when calculating the quantile value
+    (Closes: #1052655)
+
+ -- Adrian Bunk <b...@debian.org>  Sat, 07 Dec 2024 18:20:21 +0200
+
 gsl (2.7.1+dfsg-5) unstable; urgency=medium
 
   * debian/control: Actually add the 'Breaks' that was supposed to be in
diff -Nru gsl-2.7.1+dfsg/debian/patches/0001-fix-for-bug-59624.patch 
gsl-2.7.1+dfsg/debian/patches/0001-fix-for-bug-59624.patch
--- gsl-2.7.1+dfsg/debian/patches/0001-fix-for-bug-59624.patch  1970-01-01 
02:00:00.000000000 +0200
+++ gsl-2.7.1+dfsg/debian/patches/0001-fix-for-bug-59624.patch  2024-12-07 
18:20:10.000000000 +0200
@@ -0,0 +1,72 @@
+From fa31ba5ff30986094aa144bf9eda97bcaa264440 Mon Sep 17 00:00:00 2001
+From: Patrick Alken <al...@colorado.edu>
+Date: Sat, 16 Apr 2022 11:56:10 -0600
+Subject: fix for bug #59624
+
+---
+ statistics/quantiles.c        |  1 +
+ statistics/quantiles_source.c | 35 +++++++++++++++++++++--------------
+ 2 files changed, 22 insertions(+), 14 deletions(-)
+
+diff --git a/statistics/quantiles.c b/statistics/quantiles.c
+index 96a3a25c..50898d9b 100644
+--- a/statistics/quantiles.c
++++ b/statistics/quantiles.c
+@@ -1,5 +1,6 @@
+ #include <config.h>
+ #include <gsl/gsl_statistics.h>
++#include <gsl/gsl_errno.h>
+ 
+ #define BASE_LONG_DOUBLE
+ #include "templates_on.h"
+diff --git a/statistics/quantiles_source.c b/statistics/quantiles_source.c
+index e2956d9d..b2feba4c 100644
+--- a/statistics/quantiles_source.c
++++ b/statistics/quantiles_source.c
+@@ -24,22 +24,29 @@ FUNCTION(gsl_stats,quantile_from_sorted_data) (const BASE 
sorted_data[],
+                                                const size_t n,
+                                                const double f)
+ {
+-  const double index = f * (n - 1) ;
+-  const size_t lhs = (int)index ;
+-  const double delta = index - lhs ;
+-  double result;
+-
+-  if (n == 0)
+-    return 0.0 ;
+-
+-  if (lhs == n - 1)
++  if ((f < 0.0) || (f > 1.0))
+     {
+-      result = sorted_data[lhs * stride] ;
++      GSL_ERROR_VAL ("invalid quantile fraction", GSL_EDOM, 0.0);
+     }
+-  else 
++  else
+     {
+-      result = (1 - delta) * sorted_data[lhs * stride] + delta * 
sorted_data[(lhs + 1) * stride] ;
+-    }
++      const double index = f * (n - 1) ;
++      const size_t lhs = (int)index ;
++      const double delta = index - lhs ;
++      double result;
+ 
+-  return result ;
++      if (n == 0)
++        return 0.0 ;
++
++      if (lhs == n - 1)
++        {
++          result = sorted_data[lhs * stride] ;
++        }
++      else 
++        {
++          result = (1 - delta) * sorted_data[lhs * stride] + delta * 
sorted_data[(lhs + 1) * stride] ;
++        }
++
++      return result ;
++    }
+ }
+-- 
+2.30.2
+
diff -Nru gsl-2.7.1+dfsg/debian/patches/series 
gsl-2.7.1+dfsg/debian/patches/series
--- gsl-2.7.1+dfsg/debian/patches/series        2021-12-02 03:10:24.000000000 
+0200
+++ gsl-2.7.1+dfsg/debian/patches/series        2024-12-07 18:20:21.000000000 
+0200
@@ -5,3 +5,4 @@
 manual-page-correction
 ## renamed-delete
 ## correct-libtool-age-setting
+0001-fix-for-bug-59624.patch

Reply via email to