Forgot the attachments, sorry.

Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - [email protected]
`. `'   Freie Universitaet Berlin - [email protected]
  `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913
diff -Nru virtualbox-4.1.18-dfsg/debian/changelog virtualbox-4.1.18-dfsg-CVE-2013-0420/debian/changelog
--- virtualbox-4.1.18-dfsg/debian/changelog	2012-10-18 22:41:45.000000000 +0200
+++ virtualbox-4.1.18-dfsg-CVE-2013-0420/debian/changelog	2013-01-16 19:38:55.253115848 +0100
@@ -1,3 +1,11 @@
+virtualbox (4.1.18-dfsg-1.2) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Include patch to fix virtual graphics device user
+    vulnerability CVE-2013-0420. (Closes: #698292)
+
+ -- John Paul Adrian Glaubitz <[email protected]>  Wed, 16 Jan 2013 19:33:59 +0100
+
 virtualbox (4.1.18-dfsg-1.1) unstable; urgency=high
 
   * Non-maintainer upload.
diff -Nru virtualbox-4.1.18-dfsg/debian/patches/CVE-2013-0420.patch virtualbox-4.1.18-dfsg-CVE-2013-0420/debian/patches/CVE-2013-0420.patch
--- virtualbox-4.1.18-dfsg/debian/patches/CVE-2013-0420.patch	1970-01-01 01:00:00.000000000 +0100
+++ virtualbox-4.1.18-dfsg-CVE-2013-0420/debian/patches/CVE-2013-0420.patch	2013-01-16 19:33:23.401693344 +0100
@@ -0,0 +1,11 @@
+--- virtualbox-4.1.18-dfsg.orig/src/VBox/Devices/Graphics/DevVGA.cpp
++++ virtualbox-4.1.18-dfsg/src/VBox/Devices/Graphics/DevVGA.cpp
+@@ -1795,7 +1795,7 @@ static int vga_draw_text(VGAState *s, in
+     cx_max_upd = -1;
+     cx_min_upd = width;
+ 
+-    for(cy = 0; cy < height; cy = cy + (1 << dscan)) {
++    for(cy = 0; cy < (height - dscan); cy = cy + (1 << dscan)) {
+         d1 = dest;
+         src = s1;
+         cx_min = width;
diff -Nru virtualbox-4.1.18-dfsg/debian/patches/series virtualbox-4.1.18-dfsg-CVE-2013-0420/debian/patches/series
--- virtualbox-4.1.18-dfsg/debian/patches/series	2012-10-18 22:39:18.000000000 +0200
+++ virtualbox-4.1.18-dfsg-CVE-2013-0420/debian/patches/series	2013-01-16 19:29:02.728434319 +0100
@@ -15,3 +15,4 @@
 35-libvdeplug-soname.patch
 36-fix-ftbfs-xserver-112.patch
 cve-2012-3221.patch
+CVE-2013-0420.patch
--- virtualbox-4.1.18-dfsg.orig/src/VBox/Devices/Graphics/DevVGA.cpp
+++ virtualbox-4.1.18-dfsg/src/VBox/Devices/Graphics/DevVGA.cpp
@@ -1795,7 +1795,7 @@ static int vga_draw_text(VGAState *s, in
     cx_max_upd = -1;
     cx_min_upd = width;
 
-    for(cy = 0; cy < height; cy = cy + (1 << dscan)) {
+    for(cy = 0; cy < (height - dscan); cy = cy + (1 << dscan)) {
         d1 = dest;
         src = s1;
         cx_min = width;
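Review bot: The new bound `cy < (height - dscan)` in vga_draw_text has no comment explaining why the double-scan flag, which is also the shift count in the step `1 << dscan`, is subtracted from the row count, so the reasoning behind the CVE-2013-0420 fix cannot be recovered from the code. With `dscan == 0` the loop is unchanged, so the change only trims the final pass in double-scan mode; presumably that pass reached a row past the end of the drawing area, but the loop body lies outside the hunk and this should be confirmed against it. I would add a comment above the loop such as `/* double scan: each pass covers two rows, so stop one row early to stay inside the buffer */`, and check that `height` and `dscan` are signed here so `height - dscan` cannot wrap when `height` is 0. The same change is carried verbatim in the quilt patch debian/patches/CVE-2013-0420.patch earlier in this debdiff.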
