Sorry, I didn't attach the debdiff; it was only a 'git diff ...'. Now I have attached
the real debdiff.

Best,
Philip

diff -Nru rawtherapee-4.2/debian/changelog rawtherapee-4.2/debian/changelog
--- rawtherapee-4.2/debian/changelog    2015-06-09 20:45:39.000000000 +0200
+++ rawtherapee-4.2/debian/changelog    2016-10-06 12:36:00.000000000 +0200
@@ -1,3 +1,10 @@
+rawtherapee (4.2-1+deb8u2) jessie; urgency=high
+
+  * Add patch debian/patches/03-fix-overflow-in-dcraw.patch:
+    - Fix buffer overflow in dcraw (CVE-2015-8366)
+
+ -- Philip Rinn <ri...@inventati.org>  Thu, 06 Oct 2016 12:36:00 +0200
+
 rawtherapee (4.2-1+deb8u1) jessie; urgency=high
 
   * Add patch debian/patches/02-fix_CVE-2015-3885.patch:
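Review bot: the changelog entry names the CVE but not where the fix was taken from; since the new patch header records an Origin URL pointing at the ufraw packaging commit, consider saying in the entry that the patch is taken from ufraw's fix for CVE-2015-8366, so reviewers of the stable update can cross-check the provenance without opening the patch file.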
diff -Nru rawtherapee-4.2/debian/patches/03-fix-overflow-in-dcraw.patch 
rawtherapee-4.2/debian/patches/03-fix-overflow-in-dcraw.patch
--- rawtherapee-4.2/debian/patches/03-fix-overflow-in-dcraw.patch       
1970-01-01 01:00:00.000000000 +0100
+++ rawtherapee-4.2/debian/patches/03-fix-overflow-in-dcraw.patch       
2016-10-06 12:35:26.000000000 +0200
@@ -0,0 +1,18 @@
+Author: Hubert Chathi <uho...@debian.org>
+Description: Fix buffer overflow in dcraw (CVE-2015-8366)
+Origin: 
https://vcs.uhoreg.ca/git/cgit/debpkg-ufraw/commit/?id=54688b5896b39003becdfee3c803c58c94f14df3
+Last-update: 2016-10-06
+--- a/rtengine/dcraw.cc
++++ b/rtengine/dcraw.cc
+@@ -3221,7 +3221,10 @@
+       diff = diff ? -diff : 0x80;
+     if (ftell(ifp) + 12 >= seg[1][1])
+       diff = 0;
+-    raw_image[pix] = pred[pix & 1] += diff;
++    if(pix>=raw_width*raw_height)
++      derror();
++    else
++      raw_image[pix] = pred[pix & 1] += diff;
+     if (!(pix & 1) && HOLE(pix / raw_width)) pix += 2;
+   }
+   maximum = 0xff;
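Review bot: the bounds check added before the write (`if(pix>=raw_width*raw_height)`) prevents the out-of-range store, but it does not stop the loop: after `derror()` control falls through to `if (!(pix & 1) && HOLE(pix / raw_width)) pix += 2;` and the next iteration, so once `pix` is past the end every remaining iteration re-enters the `derror()` branch. If `derror()` only reports the error (it is used here as an ordinary call, not as an exit), consider a `break` after it so decoding stops at the first corrupt index rather than spinning through the rest of the segment; if it does abort, the `else` is redundant and a comment saying so would help the next reader. Style point: the surrounding dcraw code writes `if (cond)` with a space, so `if (pix >= raw_width*raw_height)` would match the file.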
diff -Nru rawtherapee-4.2/debian/patches/series 
rawtherapee-4.2/debian/patches/series
--- rawtherapee-4.2/debian/patches/series       2015-05-14 17:30:07.000000000 
+0200
+++ rawtherapee-4.2/debian/patches/series       2016-10-06 12:35:47.000000000 
+0200
@@ -1,2 +1,3 @@
 01-fix_build_race-condition.patch
 02-fix_CVE-2015-3885.patch
+03-fix-overflow-in-dcraw.patch
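Review bot: the filename convention drifts from the previous entry: `02-fix_CVE-2015-3885.patch` embeds the CVE id and uses an underscore, while the new patch is `03-fix-overflow-in-dcraw.patch`. A name such as `03-fix_CVE-2015-8366.patch` would keep the series consistent and make the security fix findable by CVE id from the series file alone.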
