[Forensics-changes] [sleuthkit] 01/04: Fix CVE-2017-13760

Joao Eriberto Mota Filho eriberto at moszumanska.debian.org
Mon Sep 18 22:55:19 UTC 2017


This is an automated email from the git hooks/post-receive script.

eriberto pushed a commit to branch debian
in repository sleuthkit.

commit 523aaaf67c5e631f200508ae19f773bd3e2c7aab
Author: Joao Eriberto Mota Filho <eriberto at debian.org>
Date:   Mon Sep 18 19:20:55 2017 -0300

    Fix CVE-2017-13760
---
 debian/patches/70_fix-CVE-2017-13760.patch | 20 ++++++++++++++++++++
 debian/patches/series                      |  1 +
 2 files changed, 21 insertions(+)

diff --git a/debian/patches/70_fix-CVE-2017-13760.patch b/debian/patches/70_fix-CVE-2017-13760.patch
new file mode 100644
index 0000000..87511d4
--- /dev/null
+++ b/debian/patches/70_fix-CVE-2017-13760.patch
@@ -0,0 +1,20 @@
+Description: fix CVE-2017-13760. (Closes: #873724)
+Author: Brian Carrier <carrier at sleuthkit.org>
+Bug: https://github.com/sleuthkit/sleuthkit/issues/906
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873724
+Last-Update: 2017-09-14
+Index: sleuthkit/tsk/fs/exfatfs.c
+===================================================================
+--- sleuthkit.orig/tsk/fs/exfatfs.c
++++ sleuthkit/tsk/fs/exfatfs.c
+@@ -252,9 +252,8 @@ exfatfs_get_alloc_bitmap(FATFS_INFO *a_f
+         return FATFS_FAIL;
+     }
+ 
+-    current_sector = a_fatfs->rootsect;
+     last_sector_of_data_area = a_fatfs->firstdatasect + (a_fatfs->clustcnt * a_fatfs->csize) - 1;
+-    while (current_sector < last_sector_of_data_area) {
++    for (current_sector = a_fatfs->rootsect; current_sector < last_sector_of_data_area; current_sector++) {
+         /* Read in a sector from the root directory. The allocation bitmap
+          * directory entries will probably be near the beginning of the 
+          * directory, probably in the first sector. */
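Review bot: In the embedded exfatfs.c hunk, the new `for` header keeps the condition `current_sector < last_sector_of_data_area`, but that bound is already computed with a trailing `- 1`, so the sector it names as last is never read. If the intent is to scan the whole range, use `<=` or drop the `- 1`. The inner hunk removes two lines and adds one, and only the opening comment of the loop body is visible, so it is also worth confirming that no `current_sector++` remains further down in the body, which would now advance two sectors per iteration. On the packaging side, the DEP-3 header would be easier to audit with an `Origin:` field naming the upstream commit and a Description that says what the defect is rather than only the CVE number.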
diff --git a/debian/patches/series b/debian/patches/series
index bae6ef8..2194438 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@
 40_no-static-ldflags.patch
 50_disable-ant-clean.patch
 60_fix-FTBFS-HURD.patch
+70_fix-CVE-2017-13760.patch
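Review bot: The added `70_fix-CVE-2017-13760.patch` line registers the patch, but the diffstat shows only the patch file and `series` changing, with no `debian/changelog` entry. The `(Closes: #873724)` in the patch Description does not close the bug on its own, since only the changelog is parsed for that. Make sure another commit in this series carries a changelog entry naming the CVE and the bug number.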

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/sleuthkit.git


