Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
[ Reason ]
This fixes CVE-2021-40241 (a potential buffer overflow in reading an
environment variable).
[ Tests ]
Salsa-CI Pipeline passed except reprotest (no idea what goes wrong
there, maybe a bullseye problem with the pipeline):
https://salsa.debian.org/debian/xfig/-/pipelines/451502
[ Risks ]
The fix is very minimal (change sprintf to snprintf).
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
- fix for CVE-2021-40241
- Change in debian/salsa-ci.yml to build with bullseye instead of unstable
Greetings
Roland
diff -Nru xfig-3.2.8/debian/changelog xfig-3.2.8/debian/changelog
--- xfig-3.2.8/debian/changelog 2021-05-20 21:14:22.0 +0200
+++ xfig-3.2.8/debian/changelog 2022-11-07 13:10:05.0 +0100
@@ -1,3 +1,10 @@
+xfig (1:3.2.8-3+deb11u1) bullseye; urgency=medium
+
+ * 10_CVE-2021-40241: Avoid buffer overflow in LANG (CVE-2021-40241)
+(Closes: #992395).
+
+ -- Roland Rosenfeld Mon, 07 Nov 2022 13:10:05 +0100
+
xfig (1:3.2.8-3) unstable; urgency=medium
* testsuite: depend on libgs-dev, so the test does no longer randomly
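Review bot: The new 1:3.2.8-3+deb11u1 stanza documents only 10_CVE-2021-40241, but this debdiff also switches RELEASE from 'unstable' to 'bullseye' in debian/salsa-ci.yml. Add a changelog line for the salsa-ci.yml change so the entry covers every file touched by the upload, which is what the "*all* changes are documented in the d/changelog" checklist item asserts.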
diff -Nru xfig-3.2.8/debian/patches/10_CVE-2021-40241.patch xfig-3.2.8/debian/patches/10_CVE-2021-40241.patch
--- xfig-3.2.8/debian/patches/10_CVE-2021-40241.patch 1970-01-01 01:00:00.0 +0100
+++ xfig-3.2.8/debian/patches/10_CVE-2021-40241.patch 2022-11-07 13:10:05.0 +0100
@@ -0,0 +1,19 @@
+From: Roland Rosenfeld
+Date: Fri, 20 Aug 2021 13:18:20 +0200
+Origin: upstream, https://sourceforge.net/p/mcj/xfig/ci/1c4e131
+Bug-Debian: https://bugs.debian.org/992395
+Bug: https://bugs.debian.org/992395
+Subject: Avoid buffer overflow in LANG.
+ Fixes CVE-2021-40241
+
+--- a/src/w_help.c
b/src/w_help.c
+@@ -52,7 +52,7 @@ launch_refman(Widget w, XtPointer closur
+ #ifdef I18N
+ if (appres.international && getenv("LANG")) {
+ /* check localized file ($XFIGDOCDIR/html/$LANG/index.html) first */
+- sprintf(filename, "%s/html/%s/index.html", XFIGDOCDIR, getenv("LANG"));
++ snprintf(filename, PATH_MAX, "%s/html/%s/index.html", XFIGDOCDIR, getenv("LANG"));
+ if (!check_docfile(filename))
+ sprintf(filename, "%s/html/index.html", XFIGDOCDIR);
+ }
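Review bot: On the changed snprintf line the bound is the constant PATH_MAX rather than the size of the destination, and the declaration of filename is not in the hunk's context, so the fix is only sound if filename is at least PATH_MAX bytes. If it is an array, sizeof(filename) would tie the bound to the buffer itself. The return value is also discarded: an overlong LANG now produces a silently truncated path that is handed to check_docfile(). Comparing the result against the buffer size and falling back to the unlocalized index.html on truncation would make that case explicit. The sprintf on the fallback line formats only XFIGDOCDIR, but converting it as well would leave no unbounded write in this block.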
diff -Nru xfig-3.2.8/debian/patches/series xfig-3.2.8/debian/patches/series
--- xfig-3.2.8/debian/patches/series 2021-05-20 21:14:22.0 +0200
+++ xfig-3.2.8/debian/patches/series 2022-11-07 13:10:05.0 +0100
@@ -4,3 +4,4 @@
07_missing-config.h.patch
08_fig-format-doc.patch
09_repair-table-doc.patch
+10_CVE-2021-40241.patch
diff -Nru xfig-3.2.8/debian/salsa-ci.yml xfig-3.2.8/debian/salsa-ci.yml
--- xfig-3.2.8/debian/salsa-ci.yml 2021-05-20 21:14:22.0 +0200
+++ xfig-3.2.8/debian/salsa-ci.yml 2022-11-07 13:10:05.0 +0100
@@ -3,4 +3,4 @@
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
variables:
- RELEASE: 'unstable'
+ RELEASE: 'bullseye'