Andreas Tille pushed to branch master at Debian Med / libgclib
Commits: c118e9b0 by Andreas Tille at 2021-10-18T09:54:40+02:00 Fix CVE-2021-42006 - - - - - 3fabee3c by Andreas Tille at 2021-10-18T09:56:15+02:00 routine-update: Ready to upload to unstable - - - - - 3 changed files: - debian/changelog - + debian/patches/CVE-2021-42006.patch - debian/patches/series Changes: ===================================== debian/changelog ===================================== @@ -1,3 +1,9 @@ +libgclib (0.12.7+ds-2) unstable; urgency=medium + + * Fix CVE-2021-42006 + + -- Andreas Tille <[email protected]> Mon, 18 Oct 2021 09:55:11 +0200 + libgclib (0.12.7+ds-1) unstable; urgency=medium * Fix watchfile to detect new versions on github ===================================== debian/patches/CVE-2021-42006.patch ===================================== @@ -0,0 +1,27 @@ +Description: Fix CVE-2021-42006 +Origin: https://github.com/gpertea/gclib/issues/11 +Author: Andreas Tille <[email protected]> +Last-Update: Mon, 18 Oct 2021 09:52:44 +0200 + +--- a/gff.cpp ++++ b/gff.cpp +@@ -405,7 +405,7 @@ GffLine::GffLine(GffReader* reader, cons + GMALLOC(dupline, llen+1); + memcpy(dupline, l, llen+1); + skipLine=true; //clear only if we make it to the end of this function +- char* t[9]; ++ char* t[9] = {0}; + int i=0; + int tidx=1; + t[0]=line; +@@ -430,6 +430,10 @@ GffLine::GffLine(GffReader* reader, cons + track=t[1]; + ftype=t[2]; + info=t[8]; ++ if (!info) { ++ GMessage("Warning: missing info:\n%s\n",l); ++ return; ++ } + char* p=t[3]; + if (!parseUInt(p,fstart)) { + //chromosome_band entries in Flybase ===================================== debian/patches/series ===================================== @@ -1 +1,2 @@ autoconf.patch +CVE-2021-42006.patch View it on GitLab: https://salsa.debian.org/med-team/libgclib/-/compare/1c69ccf274998b51bc214d75513ddad3a321be5c...3fabee3c36393dd5e5b4a6995342a4c5b43e989f -- View it on GitLab: https://salsa.debian.org/med-team/libgclib/-/compare/1c69ccf274998b51bc214d75513ddad3a321be5c...3fabee3c36393dd5e5b4a6995342a4c5b43e989f You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-med-commit mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-med-commit
