Package: release.debian.org Severity: normal Tags: bookworm User: release.debian....@packages.debian.org Usertags: pu X-Debbugs-Cc: secur...@debian.org, Dirk Eddelbuettel <e...@debian.org>
* CVE-2020-35357: buffer overflow when calculating the quantile value (Closes: #1052655)
diffstat for gsl-2.7.1+dfsg gsl-2.7.1+dfsg changelog | 8 +++ patches/0001-fix-for-bug-59624.patch | 72 +++++++++++++++++++++++++++++++++++ patches/series | 1 3 files changed, 81 insertions(+)
diff -Nru gsl-2.7.1+dfsg/debian/changelog gsl-2.7.1+dfsg/debian/changelog
--- gsl-2.7.1+dfsg/debian/changelog 2023-06-02 23:21:26.000000000 +0300
+++ gsl-2.7.1+dfsg/debian/changelog 2024-12-07 18:20:21.000000000 +0200
@@ -1,3 +1,11 @@
+gsl (2.7.1+dfsg-5+deb12u1) bookworm; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2020-35357: buffer overflow when calculating the quantile value
+ (Closes: #1052655)
+
+ -- Adrian Bunk <b...@debian.org> Sat, 07 Dec 2024 18:20:21 +0200
+
 gsl (2.7.1+dfsg-5) unstable; urgency=medium
 
 * debian/control: Actually add the 'Breaks' that was supposed to be in
diff -Nru gsl-2.7.1+dfsg/debian/patches/0001-fix-for-bug-59624.patch gsl-2.7.1+dfsg/debian/patches/0001-fix-for-bug-59624.patch
--- gsl-2.7.1+dfsg/debian/patches/0001-fix-for-bug-59624.patch 1970-01-01 02:00:00.000000000 +0200
+++ gsl-2.7.1+dfsg/debian/patches/0001-fix-for-bug-59624.patch 2024-12-07 18:20:10.000000000 +0200
@@ -0,0 +1,72 @@
+From fa31ba5ff30986094aa144bf9eda97bcaa264440 Mon Sep 17 00:00:00 2001
+From: Patrick Alken <al...@colorado.edu>
+Date: Sat, 16 Apr 2022 11:56:10 -0600
+Subject: fix for bug #59624
+
+---
+ statistics/quantiles.c | 1 +
+ statistics/quantiles_source.c | 35 +++++++++++++++++++++--------------
+ 2 files changed, 22 insertions(+), 14 deletions(-)
+
+diff --git a/statistics/quantiles.c b/statistics/quantiles.c
+index 96a3a25c..50898d9b 100644
+--- a/statistics/quantiles.c
++++ b/statistics/quantiles.c
+@@ -1,5 +1,6 @@
+ #include <config.h>
+ #include <gsl/gsl_statistics.h>
++#include <gsl/gsl_errno.h>
+
+ #define BASE_LONG_DOUBLE
+ #include "templates_on.h"
+diff --git a/statistics/quantiles_source.c b/statistics/quantiles_source.c
+index e2956d9d..b2feba4c 100644
+--- a/statistics/quantiles_source.c
++++ b/statistics/quantiles_source.c
+@@ -24,22 +24,29 @@ FUNCTION(gsl_stats,quantile_from_sorted_data) (const BASE sorted_data[],
+ const size_t n,
+ const double f)
+ {
+- const double index = f * (n - 1) ;
+- const size_t lhs = (int)index ;
+- const double delta = index - lhs ;
+- double result;
+-
+- if (n == 0)
+- return 0.0 ;
+-
+- if (lhs == n - 1)
++ if ((f < 0.0) || (f > 1.0))
+ {
+- result = sorted_data[lhs * stride] ;
++ GSL_ERROR_VAL ("invalid quantile fraction", GSL_EDOM, 0.0);
+ }
+- else
++ else
+ {
+- result = (1 - delta) * sorted_data[lhs * stride] + delta * sorted_data[(lhs + 1) * stride] ;
+- }
++ const double index = f * (n - 1) ;
++ const size_t lhs = (int)index ;
++ const double delta = index - lhs ;
++ double result;
+
+- return result ;
++ if (n == 0)
++ return 0.0 ;
++
++ if (lhs == n - 1)
++ {
++ result = sorted_data[lhs * stride] ;
++ }
++ else
++ {
++ result = (1 - delta) * sorted_data[lhs * stride] + delta * sorted_data[(lhs + 1) * stride] ;
++ }
++
++ return result ;
++ }
+ }
+--
+2.30.2
+
diff -Nru gsl-2.7.1+dfsg/debian/patches/series gsl-2.7.1+dfsg/debian/patches/series
--- gsl-2.7.1+dfsg/debian/patches/series 2021-12-02 03:10:24.000000000 +0200
+++ gsl-2.7.1+dfsg/debian/patches/series 2024-12-07 18:20:21.000000000 +0200
@@ -5,3 +5,4 @@
 manual-page-correction
 ## renamed-delete
 ## correct-libtool-age-setting
+0001-fix-for-bug-59624.patch
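Review bot: The new range check `if ((f < 0.0) || (f > 1.0))` in the quantiles_source.c hunk does not reject NaN, because both comparisons are false for a NaN `f`, so the value still reaches `(int)index` and the `sorted_data[lhs * stride]` reads; writing the guard as `if (!(f >= 0.0 && f <= 1.0))` closes that path. Inside the else branch `index` is still computed as `f * (n - 1)` before the `if (n == 0)` test, so for an empty array `n - 1` wraps and the `(int)` conversion can be out of range; the `n == 0` return should move above those declarations. The `(int)index` cast is also too narrow for arrays with more than INT_MAX elements, where `const size_t lhs = (size_t)index ;` would keep the index in range. The function's signature starts above the hunk, so the `stride` parameter is not visible here.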