Brian May <[email protected]> writes:
> Confirmed this fixes the problem, at least on wheezy.

I have a package available for testing.

https://people.debian.org/~bam/debian/pool/main/a/autotrace/

Attached is the debdiff.
-- 
Brian May <[email protected]>
diff -Nru autotrace-0.31.1/debian/changelog autotrace-0.31.1/debian/changelog --- autotrace-0.31.1/debian/changelog 2011-08-08 10:23:33.000000000 +1000 +++ autotrace-0.31.1/debian/changelog 2016-09-12 18:05:03.000000000 +1000 @@ -1,3 +1,10 @@ +autotrace (0.31.1-16+deb7u1) wheezy-security; urgency=high + + * Non-maintainer upload by the LTS Team. + * Apply patch to fix CVE-2016-7392. + + -- Brian May <[email protected]> Mon, 12 Sep 2016 18:03:32 +1000 + autotrace (0.31.1-16) unstable; urgency=low * Bumped Standards-Version to 3.9.2 diff -Nru autotrace-0.31.1/debian/patches/CVE-2016-7392.patch autotrace-0.31.1/debian/patches/CVE-2016-7392.patch --- autotrace-0.31.1/debian/patches/CVE-2016-7392.patch 1970-01-01 10:00:00.000000000 +1000 +++ autotrace-0.31.1/debian/patches/CVE-2016-7392.patch 2016-09-12 18:03:28.000000000 +1000 @@ -0,0 +1,11 @@ +--- a/output-pstoedit.c ++++ b/output-pstoedit.c +@@ -84,7 +84,7 @@ + dd_tmp = dd_start; + while (dd_tmp->symbolicname) + dd_tmp++; +- XMALLOC(pstoedit_suffix_table, sizeof(char *) * 2 * (dd_tmp - dd_start) + 1); ++ XMALLOC(pstoedit_suffix_table, sizeof(char *) * (2 * (dd_tmp - dd_start) + 1)); + + #if defined (OUTPUT_PSTOEDIT_DEBUG) && defined(__GNUC__) + fprintf(stderr, "OUTPUT PSTOEDIT BACKEND DEBUG(%s)\n", __FUNCTION__); diff -Nru autotrace-0.31.1/debian/patches/series autotrace-0.31.1/debian/patches/series --- autotrace-0.31.1/debian/patches/series 2011-08-08 19:14:31.000000000 +1000 +++ autotrace-0.31.1/debian/patches/series 2016-09-12 18:02:37.000000000 +1000 @@ -10,3 +10,4 @@ output-pstoedit.c.patch output-pstoedit.h.patch README.patch +CVE-2016-7392.patch
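Review bot: in the debian/changelog hunk, the entry "* Apply patch to fix CVE-2016-7392." does not say what the flaw is or which file the patch touches. Suggest naming it in the entry, for example that the patch corrects the allocation size of pstoedit_suffix_table in output-pstoedit.c, so the changelog can be read without opening the patch.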
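Review bot: the new debian/patches/CVE-2016-7392.patch begins directly at "--- a/output-pstoedit.c" with no description header, so nothing in the file records where the fix came from or what it corrects. Add a short header above the hunk explaining that the old expression "sizeof(char *) * 2 * (dd_tmp - dd_start) + 1" added a single byte to the space for 2 * (dd_tmp - dd_start) pointers, while the parenthesised form reserves one full extra "char *" slot. The size is still computed without an overflow check; it is worth confirming that the count from the "while (dd_tmp->symbolicname)" loop is always small enough for that not to matter.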
