This is an automated email from the git hooks/post-receive script.

sebastic pushed a commit to branch ubuntu/vivid
in repository freexl.

commit 2c8e2cef73b08301832bcb41c40fe3bd2073f748
Author: Johan Van de Wauw <johan.vandew...@gmail.com>
Date:   Fri Apr 3 21:55:42 2015 +0200

    Imported Debian patch 1.0.0h-1~exp1ubuntu1
---
 debian/changelog                           | 12 ++++++
 debian/control                             |  3 +-
 debian/patches/afl-vulnerabilitities.patch | 63 ++++++++++++++++++++++++++++++
 debian/patches/series                      |  1 +
 4 files changed, 78 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index e925401..1771656 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+freexl (1.0.0h-1~exp1ubuntu1) vivid; urgency=high
+
+  * SECURITY UPDATE: Fix multiple vulnerabilities (LP: #1437087):
+    - CVE 2015-2753: FreeXL before 1.0.0i allows remote attackers to cause a
+      denial of service (stack corruption) or possibly execute arbitrary code
+      via a crafted sector in a workbook.
+    - CVE 2015-2754: FreeXL before 1.0.0i allows remote attackers to cause a
+      denial of service (stack corruption) and possibly execute arbitrary code
+      via a crafted workbook, related to a "premature EOF."
+
+ -- Johan Van de Wauw <johan.vandew...@gmail.com>  Fri, 03 Apr 2015 21:55:42 
+0200
+
 freexl (1.0.0h-1~exp1) experimental; urgency=medium
 
   * New upstream release.
diff --git a/debian/control b/debian/control
index 9ce5d47..e6918bf 100644
--- a/debian/control
+++ b/debian/control
@@ -1,5 +1,6 @@
 Source: freexl
-Maintainer: Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
+XSBC-Original-Maintainer: Debian GIS Project 
<pkg-grass-devel@lists.alioth.debian.org>
 Uploaders: David Paleino <da...@debian.org>,
            Bas Couwenberg <sebas...@xs4all.nl>
 Section: libs
diff --git a/debian/patches/afl-vulnerabilitities.patch 
b/debian/patches/afl-vulnerabilitities.patch
new file mode 100644
index 0000000..79747e4
--- /dev/null
+++ b/debian/patches/afl-vulnerabilitities.patch
@@ -0,0 +1,63 @@
+Description: Fix critical bugs identified by American Fuzzy Lop.
+Origin: 
https://www.gaia-gis.it/fossil/freexl/fdiff?v1=2e167b337481dda3&v2=61618ce51a9b0c15&sbs=1
+Author: Alessandro Furieri <a.furi...@lqt.it>
+Bug-Debian: https://bugs.debian.org/781228
+
+--- a/src/freexl.c
++++ b/src/freexl.c
+@@ -1068,6 +1068,11 @@ allocate_cells (biff_workbook * workbook
+     unsigned int col;
+     biff_cell_value *p_cell;
+ 
++    if (workbook == NULL)
++        return FREEXL_NULL_ARGUMENT;
++    if (workbook->active_sheet == NULL) 
++        return FREEXL_NULL_ARGUMENT;
++
+ /* allocating the cell values array */
+     workbook->active_sheet->cell_values =
+       malloc (sizeof (biff_cell_value) *
+@@ -1713,6 +1718,11 @@ parse_SST (biff_workbook * workbook, int
+             swap32 (&n_strings);
+         p_string = workbook->record + 8;
+         workbook->shared_strings.string_count = n_strings.value;
++          if (workbook->shared_strings.string_count > 1024 * 1024)
++            {
++                /* unexpected huge count ... cowardly giving up ... */
++                return FREEXL_INSUFFICIENT_MEMORY;
++            }
+         workbook->shared_strings.utf8_strings =
+             malloc (sizeof (char **) * workbook->shared_strings.string_count);
+         for (i_string = 0; i_string < workbook->shared_strings.string_count;
+@@ -3749,6 +3759,8 @@ read_biff_next_record (biff_workbook * w
+         unsigned int already_done;
+         unsigned int chunk =
+             workbook->sector_end - (workbook->p_in - workbook->sector_buf);
++          if (workbook->sector_end <= (workbook->p_in - workbook->sector_buf))
++              return -1;
+         memcpy (workbook->record, workbook->p_in, chunk);
+         workbook->p_in += chunk;
+         already_done = chunk;
+@@ -3825,6 +3837,10 @@ read_mini_biff_next_record (biff_workboo
+     workbook->record_type = record_type.value;
+     workbook->record_size = record_size.value;
+ 
++    if ((workbook->p_in - workbook->fat->miniStream) + workbook->record_size >
++        (int) workbook->size)
++        return 0;             /* unexpected EOF */
++
+     memcpy (workbook->record, workbook->p_in, workbook->record_size);
+     workbook->p_in += record_size.value;
+ 
+@@ -4062,7 +4078,10 @@ common_open (const char *path, const voi
+               p_sheet->columns += 1;
+               ret = allocate_cells (workbook);
+               if (ret != FREEXL_OK)
+-                  return ret;
++                  {
++                    errcode = ret;
++                    goto stop;
++                  }
+               p_sheet->valid_dimension = 1;
+               workbook->second_pass = 1;
+           }
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..079be2f
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+afl-vulnerabilitities.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-grass/freexl.git

_______________________________________________
Pkg-grass-devel mailing list
Pkg-grass-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-grass-devel

Reply via email to