Control: tags 817233 + patch
Control: tags 817233 + pending

Hi Tomasz,

Attached is a patch with an NMU diff I've prepared for brotli. You can also find the binary package in the following URL: http://mentors.debian.net/package/brotli

Alternatively, one can download the package with dget using this command:

dget -x http://mentors.debian.net/debian/pool/main/b/brotli/brotli_0.3.0+dfsg-2.1.dsc

Cheers,
Raúl
diff -Nru brotli-0.3.0+dfsg/debian/changelog brotli-0.3.0+dfsg/debian/changelog --- brotli-0.3.0+dfsg/debian/changelog 2016-02-15 00:59:52.000000000 -0800 +++ brotli-0.3.0+dfsg/debian/changelog 2016-03-14 08:40:08.000000000 -0700 @@ -1,3 +1,10 @@ +brotli (0.3.0+dfsg-2.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fixes for CVE-2016-1968 and CVE-2016-1624 (Closes: #817233) + + -- Raúl Benencia <r...@kalgan.cc> Mon, 14 Mar 2016 08:36:44 -0700 + brotli (0.3.0+dfsg-2) unstable; urgency=medium * d/copyright: update to MIT diff -Nru brotli-0.3.0+dfsg/debian/patches/fix-integer-underflow.patch brotli-0.3.0+dfsg/debian/patches/fix-integer-underflow.patch --- brotli-0.3.0+dfsg/debian/patches/fix-integer-underflow.patch 1969-12-31 16:00:00.000000000 -0800 +++ brotli-0.3.0+dfsg/debian/patches/fix-integer-underflow.patch 2016-03-14 08:58:36.000000000 -0700 
@@ -0,0 +1,19 @@ +Description: Fix integer underflow + Fixes for CVE-2016-1968 and CVE-2016-1624 +Origin: https://github.com/google/brotli/commit/37a320dd81db8d546cd24a45b4c61d87b45dcade +Bug-Debian: https://bugs.debian.org/817233 +Index: brotli-0.3.0+dfsg/dec/decode.c +=================================================================== +--- brotli-0.3.0+dfsg.orig/dec/decode.c 2015-12-22 08:28:21.000000000 -0800 ++++ brotli-0.3.0+dfsg/dec/decode.c 2016-03-14 08:46:10.635050201 -0700 +@@ -1688,6 +1688,10 @@ + } else { + const uint8_t *ringbuffer_end_minus_copy_length = + s->ringbuffer_end - i; ++ /* Check for possible underflow and clamp the pointer to 0. */ ++ if (PREDICT_FALSE(s->ringbuffer_end < (const uint8_t*)0 + i)) { ++ ringbuffer_end_minus_copy_length = 0; ++ } + uint8_t* copy_src = &s->ringbuffer[ + (pos - s->distance_code) & s->ringbuffer_mask]; + uint8_t* copy_dst = &s->ringbuffer[pos]; diff -Nru brotli-0.3.0+dfsg/debian/patches/series brotli-0.3.0+dfsg/debian/patches/series --- brotli-0.3.0+dfsg/debian/patches/series 1969-12-31 16:00:00.000000000 -0800 +++ brotli-0.3.0+dfsg/debian/patches/series 2016-03-14 08:50:37.000000000 -0700 @@ -0,0 +1 @@ +fix-integer-underflow.patch
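Review bot: in the dec/decode.c hunk the clamp comes too late and relies on undefined pointer arithmetic: `ringbuffer_end_minus_copy_length = s->ringbuffer_end - i;` is evaluated before the guard, so the out-of-range subtraction the patch is meant to prevent still happens, and the guard `s->ringbuffer_end < (const uint8_t*)0 + i` itself adds an offset to a null pointer and compares pointers that do not belong to the same object, which a compiler may legitimately fold away. Suggest doing the check on integers before any pointer is formed, e.g. if `s->ringbuffer_end` is `s->ringbuffer` plus the buffer length, test `(size_t)(s->ringbuffer_end - s->ringbuffer) < i` and only compute `s->ringbuffer_end - i` when that check passes. Since the Origin line points at an upstream commit, the DEP-3 header should also say whether this is that commit applied verbatim or a backport, so the next uploader knows what to compare against.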