This is an automated email from the git hooks/post-receive script. sebastic pushed a commit to branch ubuntu/trusty in repository freexl.
commit e64972077a17ae0172c05d27058f249f61e07863 Author: Johan Van de Wauw <johan.vandew...@gmail.com> Date: Fri Apr 3 22:47:20 2015 +0200 Imported Debian patch 1.0.0g-1ubuntu0.14.04.1 --- debian/changelog | 13 ++++++ debian/control | 3 +- debian/patches/afl-vulnerabilitities.patch | 63 ++++++++++++++++++++++++++++++ debian/patches/series | 1 + 4 files changed, 79 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index fcbbf6d..c104c69 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+freexl (1.0.0g-1ubuntu0.14.04.1) trusty-security; urgency=high
+
+ * SECURITY UPDATE: Fix multiple vulnerabilities allowing denial of service
+ or possibly execute arbitrary code (LP: #1437087):
+ - CVE 2015-2753: FreeXL before 1.0.0i allows remote attackers to cause a
+ denial of service (stack corruption) or possibly execute arbitrary code
+ via a crafted sector in a workbook.
+ - CVE 2015-2754: FreeXL before 1.0.0i allows remote attackers to cause a
+ denial of service (stack corruption) and possibly execute arbitrary code
+ via a crafted workbook, related to a "premature EOF."
+
+ -- Johan Van de Wauw <johan.vandew...@gmail.com> Fri, 03 Apr 2015 22:47:20 +0200
+
 freexl (1.0.0g-1) unstable; urgency=low

 * New upstream release.
diff --git a/debian/control b/debian/control
index 03e48cf..3ab7018 100644
--- a/debian/control
+++ b/debian/control
@@ -1,5 +1,6 @@
 Source: freexl
-Maintainer: Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
+XSBC-Original-Maintainer: Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>
 Uploaders: David Paleino <da...@debian.org>,
 Bas Couwenberg <sebas...@xs4all.nl>
 Section: libs
diff --git a/debian/patches/afl-vulnerabilitities.patch b/debian/patches/afl-vulnerabilitities.patch
new file mode 100644
index 0000000..79747e4
--- /dev/null
+++ b/debian/patches/afl-vulnerabilitities.patch
@@ -0,0 +1,63 @@
+Description: Fix critical bugs identified by American Fuzzy Lop.
+Origin: https://www.gaia-gis.it/fossil/freexl/fdiff?v1=2e167b337481dda3&v2=61618ce51a9b0c15&sbs=1
+Author: Alessandro Furieri <a.furi...@lqt.it>
+Bug-Debian: https://bugs.debian.org/781228
+
+--- a/src/freexl.c
++++ b/src/freexl.c
+@@ -1068,6 +1068,11 @@ allocate_cells (biff_workbook * workbook
+ unsigned int col;
+ biff_cell_value *p_cell;
+
++ if (workbook == NULL)
++ return FREEXL_NULL_ARGUMENT;
++ if (workbook->active_sheet == NULL)
++ return FREEXL_NULL_ARGUMENT;
++
+ /* allocating the cell values array */
+ workbook->active_sheet->cell_values =
+ malloc (sizeof (biff_cell_value) *
+@@ -1713,6 +1718,11 @@ parse_SST (biff_workbook * workbook, int
+ swap32 (&n_strings);
+ p_string = workbook->record + 8;
+ workbook->shared_strings.string_count = n_strings.value;
++ if (workbook->shared_strings.string_count > 1024 * 1024)
++ {
++ /* unexpected huge count ... cowardly giving up ... */
++ return FREEXL_INSUFFICIENT_MEMORY;
++ }
+ workbook->shared_strings.utf8_strings =
+ malloc (sizeof (char **) * workbook->shared_strings.string_count);
+ for (i_string = 0; i_string < workbook->shared_strings.string_count;
+@@ -3749,6 +3759,8 @@ read_biff_next_record (biff_workbook * w
+ unsigned int already_done;
+ unsigned int chunk =
+ workbook->sector_end - (workbook->p_in - workbook->sector_buf);
++ if (workbook->sector_end <= (workbook->p_in - workbook->sector_buf))
++ return -1;
+ memcpy (workbook->record, workbook->p_in, chunk);
+ workbook->p_in += chunk;
+ already_done = chunk;
+@@ -3825,6 +3837,10 @@ read_mini_biff_next_record (biff_workboo
+ workbook->record_type = record_type.value;
+ workbook->record_size = record_size.value;
+
++ if ((workbook->p_in - workbook->fat->miniStream) + workbook->record_size >
++ (int) workbook->size)
++ return 0; /* unexpected EOF */
++
+ memcpy (workbook->record, workbook->p_in, workbook->record_size);
+ workbook->p_in += record_size.value;
+
+@@ -4062,7 +4078,10 @@ common_open (const char *path, const voi
+ p_sheet->columns += 1;
+ ret = allocate_cells (workbook);
+ if (ret != FREEXL_OK)
+- return ret;
++ {
++ errcode = ret;
++ goto stop;
++ }
+ p_sheet->valid_dimension = 1;
+ workbook->second_pass = 1;
+ }
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..079be2f
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+afl-vulnerabilitities.patch
-- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-grass/freexl.git _______________________________________________ Pkg-grass-devel mailing list Pkg-grass-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-grass-devel
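Review bot: In the read_mini_biff_next_record hunk the new check bounds only the source side of `memcpy (workbook->record, workbook->p_in, workbook->record_size)`; nothing in the lines shown compares `record_size`, which comes from the record header, against the capacity of `workbook->record`. If `record` is a fixed-size array (its declaration is outside this patch), a guard such as `if (workbook->record_size > sizeof (workbook->record)) return 0;` ahead of the copy would cover the destination too, and the same question applies to `chunk` in the read_biff_next_record hunk. In parse_SST the cap on `string_count` is followed by a `malloc` whose result is not tested for NULL before the `for` loop in the visible context. Each of these functions starts and ends outside its hunk, so a check may already exist elsewhere.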