Bug#459129: patch

Nico Golde Fri, 04 Jan 2008 06:10:40 -0800

tags 459129 + patch
thanks
Hi,
attached is a proposal for an NMU which includes a fix for 
this if you have no time for an update yourself. Please 
notify me in this case so i can upload.


It will be also archived on: 
http://people.debian.org/~nion/nmu-diff/libcdio-0.78.2+dfsg1-1_0.78.2+dfsg1-1.1.patch

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

diff -u libcdio-0.78.2+dfsg1/debian/changelog libcdio-0.78.2+dfsg1/debian/changelog
--- libcdio-0.78.2+dfsg1/debian/changelog
+++ libcdio-0.78.2+dfsg1/debian/changelog
@@ -1,3 +1,14 @@
+libcdio (0.78.2+dfsg1-1.1) unstable; urgency=high
+
+  * Non-maintainer upload by security team.
+  * This update addresses the following security issue:
+    - CVE-2007-6613: a stack-based buffer overflow in the
+    print_iso9660_recurse function could lead to cause a denial of service
+    or arbitrary code execution if the iso-info tool is used with a crafted
+    iso image (Closes: #459129).
+
+ -- Nico Golde <[EMAIL PROTECTED]>  Fri, 04 Jan 2008 14:06:57 +0100
+
 libcdio (0.78.2+dfsg1-1) unstable; urgency=low
 
   * Repack the source tarball to remove non-DFSG-free
only in patch2:
unchanged:
--- libcdio-0.78.2+dfsg1.orig/src/iso-info.c
+++ libcdio-0.78.2+dfsg1/src/iso-info.c
@@ -224,7 +224,7 @@
       iso9660_stat_t *p_statbuf = _cdio_list_node_data (entnode);
       char *psz_iso_name = p_statbuf->filename;
       char _fullname[4096] = { 0, };
-      char translated_name[MAX_ISONAME+1];
+	  char *translated_name = (char *) alloca(strlen(psz_iso_name)+1);
 
       if (yep != p_statbuf->rr.b3_rock || 1 == opts.no_rock_ridge) {
 	iso9660_name_translate_ext(psz_iso_name, translated_name, 
only in patch2:
unchanged:
--- libcdio-0.78.2+dfsg1.orig/src/cd-info.c
+++ libcdio-0.78.2+dfsg1/src/cd-info.c
@@ -539,7 +539,7 @@
       iso9660_stat_t *p_statbuf = _cdio_list_node_data (entnode);
       char *psz_iso_name = p_statbuf->filename;
       char _fullname[4096] = { 0, };
-      char translated_name[MAX_ISONAME+1];
+	  char *translated_name = (char *) alloca(strlen(psz_iso_name)+1);
 
       if (yep != p_statbuf->rr.b3_rock || 1 == opts.no_rock_ridge) {
 	iso9660_name_translate_ext(psz_iso_name, translated_name,

pgpKlCREkfSpl.pgp
Description: PGP signature

Bug#459129: patch

Reply via email to