commit:     bc96ef44f74ca888b006e06cc4b0aad99ac6530d
Author:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
AuthorDate: Mon Oct  9 19:59:34 2023 +0000
Commit:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
CommitDate: Mon Oct  9 19:59:34 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bc96ef44

media-libs/libcue: fix CVE-2023-43641

Bug: https://bugs.gentoo.org/915500
Signed-off-by: Mart Raudsepp <leio <AT> gentoo.org>

 media-libs/libcue/files/CVE-2023-43641.patch | 15 +++++++++++++++
 media-libs/libcue/libcue-2.2.1-r1.ebuild     | 24 ++++++++++++++++++++++++
 2 files changed, 39 insertions(+)

diff --git a/media-libs/libcue/files/CVE-2023-43641.patch 
b/media-libs/libcue/files/CVE-2023-43641.patch
new file mode 100644
index 000000000000..b94de663aaa0
--- /dev/null
+++ b/media-libs/libcue/files/CVE-2023-43641.patch
@@ -0,0 +1,15 @@
+https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/
+
+diff --git a/cd.c b/cd.c
+index cf77a18..4bbea19 100644
+--- a/cd.c
++++ b/cd.c
+@@ -339,7 +339,7 @@ track_get_rem(const Track* track)
+
+ void track_set_index(Track *track, int i, long ind)
+ {
+-      if (i > MAXINDEX) {
++      if (i < 0 || i > MAXINDEX) {
+               fprintf(stderr, "too many indexes\n");
+                return;
+        }

diff --git a/media-libs/libcue/libcue-2.2.1-r1.ebuild 
b/media-libs/libcue/libcue-2.2.1-r1.ebuild
new file mode 100644
index 000000000000..979036a6ead3
--- /dev/null
+++ b/media-libs/libcue/libcue-2.2.1-r1.ebuild
@@ -0,0 +1,24 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit cmake
+
+DESCRIPTION="CUE Sheet Parser Library"
+HOMEPAGE="https://github.com/lipnitsk/libcue";
+SRC_URI="https://github.com/lipnitsk/${PN}/archive/v${PV}.tar.gz -> 
${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0/2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~ppc ~ppc64 ~riscv 
~sparc ~x86"
+IUSE=""
+
+BDEPEND="
+       sys-devel/bison
+       sys-devel/flex
+"
+
+PATCHES=(
+       "${FILESDIR}"/CVE-2023-43641.patch
+)

Reply via email to