commit libmirage for openSUSE:Factory

root Wed, 04 Sep 2019 00:16:38 -0700

Hello community,

here is the log from the commit of package libmirage for openSUSE:Factory 
checked in at 2019-09-04 09:15:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libmirage (Old)
 and      /work/SRC/openSUSE:Factory/.libmirage.new.7948 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "libmirage"

Wed Sep  4 09:15:18 2019 rev:20 rq:727965 version:3.2.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/libmirage/libmirage.changes      2019-08-27 
10:24:57.667925280 +0200
+++ /work/SRC/openSUSE:Factory/.libmirage.new.7948/libmirage.changes    
2019-09-04 09:16:18.914930031 +0200
@@ -1,0 +2,5 @@
+Tue Sep  3 09:53:55 UTC 2019 - Jan Engelhardt <[email protected]>
+
+- Add CVE-2019-15757.patch [boo#1148728]
+
+-------------------------------------------------------------------

New:
----
  CVE-2019-15757.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libmirage.spec ++++++
--- /var/tmp/diff_new_pack.t0AoX2/_old  2019-09-04 09:16:20.374929829 +0200
+++ /var/tmp/diff_new_pack.t0AoX2/_new  2019-09-04 09:16:20.418929822 +0200
@@ -30,6 +30,7 @@
 Source:         https://downloads.sf.net/cdemu/%name-%version.tar.bz2
 Patch1:         0001-libMirage-CSO-filter-validate-part-size.patch
 Patch2:         0002-libMirage-CSO-filter-replaced-a-g_assert-with-error-.patch
+Patch3:         CVE-2019-15757.patch
 BuildRequires:  cmake >= 2.8.5
 BuildRequires:  intltool >= 0.21
 BuildRequires:  pkg-config >= 0.16

++++++ CVE-2019-15757.patch ++++++
Origin: https://gist.github.com/andreafioraldi/343d9ba64060b548c02362a5e61ec932

---
 images/image-nrg/parser.c |    7 +++++++
 1 file changed, 7 insertions(+)

Index: libmirage-3.2.2/images/image-nrg/parser.c
===================================================================
--- a/libmirage-3.2.2.orig/images/image-nrg/parser.c
+++ b/libmirage-3.2.2/images/image-nrg/parser.c
@@ -987,6 +987,13 @@ static MirageDisc *mirage_parser_nrg_loa
     /* Set CD-ROM as default medium type, will be changed accordingly if there
        is a MTYP block provided */
     mirage_disc_set_medium_type(self->priv->disc, MIRAGE_MEDIUM_CD);
+    /* Length integrity check */
+    if (self->priv->nrg_data_length == 0) {
+        MIRAGE_DEBUG(self, MIRAGE_DEBUG_WARNING, "%s: rg_data_length must be 
greater than 0!\n", __debug__);
+        g_set_error(error, MIRAGE_ERROR, MIRAGE_ERROR_IMAGE_FILE_ERROR, 
Q_("nrg_data_length must be greater than 0!"));
+        succeeded = FALSE;
+        goto end;
+    }
 
     /* Read descriptor data */
     self->priv->nrg_data = g_malloc(self->priv->nrg_data_length);

commit libmirage for openSUSE:Factory

Reply via email to