Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu

Another update for no-dsa security issues, this time in libsndfile.
The patches have been used in unstable for over four months, the
extensive test suite passes and I made additional functionality tests
with the resulting build.

Debdiff below.

Cheers,
        Moritz

diff -Nru libsndfile-1.0.25/debian/changelog libsndfile-1.0.25/debian/changelog
--- libsndfile-1.0.25/debian/changelog  2015-01-26 02:32:12.000000000 +0100
+++ libsndfile-1.0.25/debian/changelog  2016-03-23 22:40:07.000000000 +0100
@@ -1,3 +1,12 @@
+libsndfile (1.0.25-9.1+deb8u1) jessie; urgency=medium
+
+  * Fix denial of service through division by zero (CVE-2014-9756)
+    -> 03_file_io_divide_by_zero.diff (Closes: #804447)
+  * Fix heap overflow in AIFF parser (CVE-2015-7805)
+    -> 04_fix_aiff_heap_overflow.diff (Closes: #804445)
+
+ -- Moritz Mühlenhoff <j...@debian.org>  Wed, 23 Mar 2016 00:34:11 +0100
+
 libsndfile (1.0.25-9.1) unstable; urgency=high
 
   * Non-maintainer upload by the Security Team.
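Review bot: the new 1.0.25-9.1+deb8u1 entry has no upload-type line, whereas the 1.0.25-9.1 entry directly below opens with "Non-maintainer upload by the Security Team." If this upload is also not made by the package maintainer, add the same line as the first bullet so the changelog stays consistent. The two fix bullets themselves each name the CVE, the patch file and the bug closed, which is what the release team needs.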
diff -Nru libsndfile-1.0.25/debian/patches/03_file_io_divide_by_zero.diff 
libsndfile-1.0.25/debian/patches/03_file_io_divide_by_zero.diff
--- libsndfile-1.0.25/debian/patches/03_file_io_divide_by_zero.diff     
1970-01-01 01:00:00.000000000 +0100
+++ libsndfile-1.0.25/debian/patches/03_file_io_divide_by_zero.diff     
2016-03-23 22:29:46.000000000 +0100
@@ -0,0 +1,22 @@
+commit 725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6
+Author: Erik de Castro Lopo <er...@mega-nerd.com>
+Date:   Wed Dec 24 21:02:35 2014 +1100
+
+    src/file_io.c : Prevent potential divide-by-zero.
+    
+    Closes: https://github.com/erikd/libsndfile/issues/92
+
+Index: libsndfile-1.0.25/src/file_io.c
+===================================================================
+--- libsndfile-1.0.25.orig/src/file_io.c
++++ libsndfile-1.0.25/src/file_io.c
+@@ -358,6 +358,9 @@
+ {     sf_count_t total = 0 ;
+       ssize_t count ;
+ 
++      if (bytes == 0 || items == 0)
++              return 0 ;
++
+       if (psf->virtual_io)
+               return psf->vio.write (ptr, bytes*items, psf->vio_user_data) / 
bytes ;
+ 
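Review bot: the added `if (bytes == 0 || items == 0)` guard covers only the one function at line 358 of src/file_io.c, although the division it protects is the generic `... / bytes` in the `psf->virtual_io` path. Any other function in that file that divides a `vio` result by `bytes` can still hit the same division by zero, so confirm before upload that the matching read path does not need the same two-line guard. The test is also for exactly zero only, so a negative `bytes` or `items` still reaches the `bytes*items` multiplication.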
diff -Nru libsndfile-1.0.25/debian/patches/04_fix_aiff_heap_overflow.diff 
libsndfile-1.0.25/debian/patches/04_fix_aiff_heap_overflow.diff
--- libsndfile-1.0.25/debian/patches/04_fix_aiff_heap_overflow.diff     
1970-01-01 01:00:00.000000000 +0100
+++ libsndfile-1.0.25/debian/patches/04_fix_aiff_heap_overflow.diff     
2016-03-23 22:29:53.000000000 +0100
@@ -0,0 +1,18 @@
+commit e4a75172f83894a4e821807b6d94770095ddaeff
+Author: Erik de Castro Lopo <er...@mega-nerd.com>
+Date:   Mon Nov 9 22:10:35 2015 +1100
+
+diff --git a/src/common.c b/src/common.c
+index 8aadbab..543c2c8 100644
+--- a/src/common.c
++++ b/src/common.c
+@@ -805,7 +805,8 @@ header_read (SF_PRIVATE *psf, void *ptr, int bytes)
+       if (psf->headindex + bytes > SIGNED_SIZEOF (psf->header))
+       {       int most ;
+ 
+-              most = SIGNED_SIZEOF (psf->header) - psf->headindex ;
++              most = SIGNED_SIZEOF (psf->header) - psf->headend ;
++
+               psf_fread (psf->header + psf->headend, 1, most, psf) ;
+               memset ((char *) ptr + most, 0, bytes - most) ;
+ 
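Review bot: `most` is now computed from `psf->headend`, but the enclosing condition still tests `psf->headindex + bytes`, and nothing in the hunk checks `most` before it is used as a read length and in `memset ((char *) ptr + most, 0, bytes - most)`. If `headend` can ever reach `SIGNED_SIZEOF (psf->header)` or differ from `headindex` by more than `bytes`, `most` becomes zero, negative or larger than `bytes`, and `bytes - most` goes negative as a memset length. An explicit bounds check on `most` (or a comment stating the invariant that rules this out) would make the fix self-evidently safe. Separately, the embedded patch carries only the commit id, author and date with no description; a one-line subject naming CVE-2015-7805 would help anyone reading debian/patches later.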
diff -Nru libsndfile-1.0.25/debian/patches/series 
libsndfile-1.0.25/debian/patches/series
--- libsndfile-1.0.25/debian/patches/series     2015-01-26 02:31:39.000000000 
+0100
+++ libsndfile-1.0.25/debian/patches/series     2016-03-23 22:30:30.000000000 
+0100
@@ -1,3 +1,5 @@
 00lossy_comp_test-overflow.diff
 01_sd2_rsrc_segfault.diff
 CVE-2014-9496.patch
+03_file_io_divide_by_zero.diff
+04_fix_aiff_heap_overflow.diff
