[gnuplot] 01/02: Fix memory corruption vulnerability. CVE-2017-9670. (Closes: #864901)

Anton Gladky gladk at moszumanska.debian.org
Fri Jun 16 20:40:28 UTC 2017


This is an automated email from the git hooks/post-receive script.

gladk pushed a commit to branch master
in repository gnuplot.

commit 02931b63b3ad9426976384ec44cd565c14b53b22
Author: Anton Gladky <gladk at debian.org>
Date:   Fri Jun 16 22:35:23 2017 +0200

    Fix memory corruption vulnerability. CVE-2017-9670. (Closes: #864901)
---
 debian/patches/20_CVE-2017-9670.patch | 18 ++++++++++++++++++
 debian/patches/series                 |  1 +
 2 files changed, 19 insertions(+)

diff --git a/debian/patches/20_CVE-2017-9670.patch b/debian/patches/20_CVE-2017-9670.patch
new file mode 100644
index 0000000..482ea7e
--- /dev/null
+++ b/debian/patches/20_CVE-2017-9670.patch
@@ -0,0 +1,18 @@
+Description: Fix memory corruption vulnerability. CVE-2017-9670
+Author: Ethan Merritt
+Bug-Debian: https://bugs.debian.org/864901
+Origin: https://sourceforge.net/p/gnuplot/bugs/_discuss/thread/44ec637c/af0f/attachment/uninitialized_variables_%28Bug1933%29.patch
+Bug: https://sourceforge.net/p/gnuplot/bugs/1933/
+Reviewed-By: Anton Gladky <gladk at debian.org>
+Last-Update: 2017-06-16
+
+--- gnuplot-5.0.5+dfsg1.orig/src/set.c
++++ gnuplot-5.0.5+dfsg1/src/set.c
+@@ -5926,6 +5926,7 @@ load_tic_series(AXIS_INDEX axis)
+ 
+     if (!equals(c_token, ",")) {
+ 	/* only step specified */
++	incr_token = c_token;
+ 	incr = start;
+ 	start = -VERYLARGE;
+ 	end = VERYLARGE;
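Review bot: The Origin attachment is named "uninitialized_variables" (plural), but the embedded hunk sets only one variable, incr_token, and only in the "only step specified" branch of load_tic_series(). Please confirm that no other hunks of the upstream patch are needed for 5.0.5+dfsg1, and say so in the Description. The Description currently just repeats the CVE title. It would be more useful if it named the variable that was left unset and the code path that read it, so a later rebase can tell whether the patch still applies. If the other branches of this function are not visible to the reviewer as assigning incr_token, initializing it at its declaration would cover every path rather than this one.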
diff --git a/debian/patches/series b/debian/patches/series
index 94e0bfa..3c19808 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@
 11_fix_linkage_wx.patch
 13_honour_SOURCE_DATE_EPOCH.patch
 14_strip_username_from_output.patch
+20_CVE-2017-9670.patch
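Review bot: The commit message carries "(Closes: #864901)", but this commit touches only debian/patches/20_CVE-2017-9670.patch and debian/patches/series. The bug is closed on upload only if the same Closes: text appears in debian/changelog, so check that the follow-up commit adds that entry along with the CVE id. The new series line appends the patch after 14_strip_username_from_output.patch, which is fine for ordering as long as none of the earlier patches touch the same region of src/set.c.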

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-science/packages/gnuplot.git


