Control: tags 1016212 + patch
Control: tags 1016212 + pending

Dear maintainer,

I've prepared an NMU for squirrel3 (versioned as 3.1-8.5) and uploaded 
it to DELAYED/2. Please feel free to tell me if I should cancel it.

cu
Adrian
diffstat for squirrel3-3.1 squirrel3-3.1

 changelog                                          |    7 +++
 patches/0001-check-max-member-count-in-class.patch |   39 +++++++++++++++++++++
 patches/series                                     |    1 
 3 files changed, 47 insertions(+)

diff -Nru squirrel3-3.1/debian/changelog squirrel3-3.1/debian/changelog
--- squirrel3-3.1/debian/changelog	2026-04-11 14:47:28.000000000 +0300
+++ squirrel3-3.1/debian/changelog	2026-06-15 17:22:20.000000000 +0300
@@ -1,3 +1,10 @@
+squirrel3 (3.1-8.5) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2021-41556: Sandbox Escape (Closes: #1016212)
+
+ -- Adrian Bunk <[email protected]>  Mon, 15 Jun 2026 17:22:20 +0300
+
 squirrel3 (3.1-8.4) unstable; urgency=medium
 
   * Non-maintainer upload.
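Review bot: The new 3.1-8.5 entry names only the CVE ("CVE-2021-41556: Sandbox Escape") and says neither which patch was added nor what it changes. Mention debian/patches/0001-check-max-member-count-in-class.patch and that it limits the class member count, so the entry can be matched to the code change without opening the debdiff.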
diff -Nru squirrel3-3.1/debian/patches/0001-check-max-member-count-in-class.patch squirrel3-3.1/debian/patches/0001-check-max-member-count-in-class.patch
--- squirrel3-3.1/debian/patches/0001-check-max-member-count-in-class.patch	1970-01-01 02:00:00.000000000 +0200
+++ squirrel3-3.1/debian/patches/0001-check-max-member-count-in-class.patch	2026-06-15 17:21:43.000000000 +0300
@@ -0,0 +1,39 @@
+From 09ea18375e809950650e5c4467b5fd81edc82f16 Mon Sep 17 00:00:00 2001
+From: albertodemichelis <[email protected]>
+Date: Thu, 16 Sep 2021 22:36:53 +0800
+Subject: check max member count in class
+
+---
+ squirrel/sqclass.cpp | 3 +++
+ squirrel/sqclass.h   | 1 +
+ 2 files changed, 4 insertions(+)
+
+diff --git a/squirrel/sqclass.cpp b/squirrel/sqclass.cpp
+index ec64b3d..7c4ae0c 100644
+--- a/squirrel/sqclass.cpp
++++ b/squirrel/sqclass.cpp
+@@ -61,6 +61,9 @@ bool SQClass::NewSlot(SQSharedState *ss,const SQObjectPtr &key,const SQObjectPtr
+         _defaultvalues[_member_idx(temp)].val = val;
+         return true;
+     }
++	if (_members->CountUsed() >= MEMBER_MAX_COUNT) {
++		return false;
++	}
+     if(belongs_to_static_table) {
+         SQInteger mmidx;
+         if((type(val) == OT_CLOSURE || type(val) == OT_NATIVECLOSURE) &&
+diff --git a/squirrel/sqclass.h b/squirrel/sqclass.h
+index 7d40217..60d3d21 100644
+--- a/squirrel/sqclass.h
++++ b/squirrel/sqclass.h
+@@ -17,6 +17,7 @@ typedef sqvector<SQClassMember> SQClassMemberVec;
+ 
+ #define MEMBER_TYPE_METHOD 0x01000000
+ #define MEMBER_TYPE_FIELD 0x02000000
++#define MEMBER_MAX_COUNT 0x00FFFFFF
+ 
+ #define _ismethod(o) (_integer(o)&MEMBER_TYPE_METHOD)
+ #define _isfield(o) (_integer(o)&MEMBER_TYPE_FIELD)
+-- 
+2.47.3
+
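Review bot: The embedded patch header (Subject "check max member count in class", empty body) never mentions CVE-2021-41556 or #1016212, so the file on its own does not say what it fixes or where it came from. Add DEP-3 fields such as Origin, pointing at upstream commit 09ea18375e809950650e5c4467b5fd81edc82f16 from its From line, and Bug-Debian. In the sqclass.h part, `#define MEMBER_MAX_COUNT 0x00FFFFFF` sits directly below the MEMBER_TYPE_METHOD 0x01000000 and MEMBER_TYPE_FIELD 0x02000000 flags; if the bound is there to keep a member index from reaching those flag bits, a one-line comment saying so would document it. The three added lines in sqclass.cpp are tab-indented while their context lines use spaces.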
diff -Nru squirrel3-3.1/debian/patches/series squirrel3-3.1/debian/patches/series
--- squirrel3-3.1/debian/patches/series	2025-10-26 22:12:22.000000000 +0200
+++ squirrel3-3.1/debian/patches/series	2026-06-15 17:22:18.000000000 +0300
@@ -2,3 +2,4 @@
 02-sphinx-ext.patch
 03-fix-buffer-overflow.diff
 cmake-4.patch
+0001-check-max-member-count-in-class.patch
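Review bot: The added series entry keeps the git format-patch name "0001-..." although it is applied last, after 02-sphinx-ext.patch, 03-fix-buffer-overflow.diff and cmake-4.patch, so the prefix suggests an ordering the series does not have. Consider renaming the file to something that carries the CVE id or follows the existing numbering.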
