Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:squirrel3
User: [email protected]
Usertags: pu

  * CVE-2021-41556: Sandbox Escape (Closes: #1016212)
diffstat for squirrel3-3.1 squirrel3-3.1

 changelog                                          |    7 +++
 patches/0001-check-max-member-count-in-class.patch |   39 +++++++++++++++++++++
 patches/series                                     |    1 
 3 files changed, 47 insertions(+)

diff -Nru squirrel3-3.1/debian/changelog squirrel3-3.1/debian/changelog
--- squirrel3-3.1/debian/changelog      2024-05-13 15:59:34.000000000 +0300
+++ squirrel3-3.1/debian/changelog      2026-06-18 23:28:11.000000000 +0300
@@ -1,3 +1,10 @@
+squirrel3 (3.1-8.2+deb13u1) trixie; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2021-41556: Sandbox Escape (Closes: #1016212)
+
+ -- Adrian Bunk <[email protected]>  Thu, 18 Jun 2026 23:28:11 +0300
+
 squirrel3 (3.1-8.2) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru squirrel3-3.1/debian/patches/0001-check-max-member-count-in-class.patch squirrel3-3.1/debian/patches/0001-check-max-member-count-in-class.patch
--- squirrel3-3.1/debian/patches/0001-check-max-member-count-in-class.patch     1970-01-01 02:00:00.000000000 +0200
+++ squirrel3-3.1/debian/patches/0001-check-max-member-count-in-class.patch     2026-06-18 23:28:11.000000000 +0300
@@ -0,0 +1,39 @@
+From 09ea18375e809950650e5c4467b5fd81edc82f16 Mon Sep 17 00:00:00 2001
+From: albertodemichelis <[email protected]>
+Date: Thu, 16 Sep 2021 22:36:53 +0800
+Subject: check max member count in class
+
+---
+ squirrel/sqclass.cpp | 3 +++
+ squirrel/sqclass.h   | 1 +
+ 2 files changed, 4 insertions(+)
+
+diff --git a/squirrel/sqclass.cpp b/squirrel/sqclass.cpp
+index ec64b3d..7c4ae0c 100644
+--- a/squirrel/sqclass.cpp
++++ b/squirrel/sqclass.cpp
+@@ -61,6 +61,9 @@ bool SQClass::NewSlot(SQSharedState *ss,const SQObjectPtr &key,const SQObjectPtr
+         _defaultvalues[_member_idx(temp)].val = val;
+         return true;
+     }
++      if (_members->CountUsed() >= MEMBER_MAX_COUNT) {
++              return false;
++      }
+     if(belongs_to_static_table) {
+         SQInteger mmidx;
+         if((type(val) == OT_CLOSURE || type(val) == OT_NATIVECLOSURE) &&
+diff --git a/squirrel/sqclass.h b/squirrel/sqclass.h
+index 7d40217..60d3d21 100644
+--- a/squirrel/sqclass.h
++++ b/squirrel/sqclass.h
+@@ -17,6 +17,7 @@ typedef sqvector<SQClassMember> SQClassMemberVec;
+ 
+ #define MEMBER_TYPE_METHOD 0x01000000
+ #define MEMBER_TYPE_FIELD 0x02000000
++#define MEMBER_MAX_COUNT 0x00FFFFFF
+ 
+ #define _ismethod(o) (_integer(o)&MEMBER_TYPE_METHOD)
+ #define _isfield(o) (_integer(o)&MEMBER_TYPE_FIELD)
+-- 
+2.47.3
+
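Review bot: `MEMBER_MAX_COUNT` in the sqclass.h hunk has no comment tying it to the `MEMBER_TYPE_METHOD` (0x01000000) and `MEMBER_TYPE_FIELD` flag bits defined just above it, so a later change to those flags could silently invalidate the bound that `SQClass::NewSlot` now checks. The member index appears to be packed into the same integer as the flags (`_ismethod` and `_isfield` test `_integer(o)`), so I would add `/* largest member index; must stay below the MEMBER_TYPE_* flag bits that share the same integer */` above the define. In the sqclass.cpp hunk the new `return false;` gives callers no way to tell this failure from any other `false` result; the callers are outside the hunk, so confirm the script receives an error rather than a silently dropped member. The three added lines are also indented differently from the surrounding four-space code. `NewSlot`'s body starts and ends outside the hunk, so the index assignment itself is not visible here.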
diff -Nru squirrel3-3.1/debian/patches/series squirrel3-3.1/debian/patches/series
--- squirrel3-3.1/debian/patches/series 2024-05-13 15:59:20.000000000 +0300
+++ squirrel3-3.1/debian/patches/series 2026-06-18 23:28:11.000000000 +0300
@@ -1,3 +1,4 @@
 01-fix-spelling-errors.patch
 02-sphinx-ext.patch
 03-fix-buffer-overflow.diff
+0001-check-max-member-count-in-class.patch
