[Forensics-changes] [sleuthkit] 02/04: Fix CVE-2017-13756
Joao Eriberto Mota Filho
eriberto at moszumanska.debian.org
Mon Sep 18 22:55:19 UTC 2017
This is an automated email from the git hooks/post-receive script.
eriberto pushed a commit to branch debian
in repository sleuthkit.
commit 7954e9b53f3b061bdb66421c2cacfe1ab6a4b6b6
Author: Joao Eriberto Mota Filho <eriberto at debian.org>
Date: Mon Sep 18 19:29:12 2017 -0300
Fix CVE-2017-13756
---
debian/patches/80_fix-CVE-2017-13756.patch | 19 +++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 20 insertions(+)
diff --git a/debian/patches/80_fix-CVE-2017-13756.patch b/debian/patches/80_fix-CVE-2017-13756.patch
new file mode 100644
index 0000000..63fdae4
--- /dev/null
+++ b/debian/patches/80_fix-CVE-2017-13756.patch
@@ -0,0 +1,19 @@
+Description: fix CVE-2017-13756. (Closes: #873725)
+Author: Adam Buchbinder <abuchbinder at google.com>
+Bug: https://github.com/sleuthkit/sleuthkit/issues/914
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873725
+Last-Update: 2017-09-02
+Index: sleuthkit/tsk/vs/dos.c
+===================================================================
+--- sleuthkit.orig/tsk/vs/dos.c
++++ sleuthkit/tsk/vs/dos.c
+@@ -743,7 +743,8 @@ dos_load_ext_table(TSK_VS_INFO * vs, TSK
+ PRIu32 " Type: %d\n", table, i, part_start, part_size,
+ part->ptype);
+
+- if (part_size == 0)
++ /* part_start == 0 would cause infinite recursion */
++ if (part_size == 0 || part_start == 0)
+ continue;
+
+ /* partitions are addressed differently
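Review bot: The added condition `part_start == 0` in dos_load_ext_table covers only the entry that points back at offset 0, which is the case the new comment names. Nothing in the visible lines stops an entry whose non-zero part_start leads back to a table that has already been loaded, so a crafted chain of extended tables could still loop. Consider bounding the recursion depth or keeping track of the table sectors already visited, in addition to this check. Separately, an entry with a non-zero size and a zero start is skipped silently by the `continue`; since that indicates a malformed partition table, a verbose message at this point would help an examiner notice it.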
diff --git a/debian/patches/series b/debian/patches/series
index 2194438..d16a90c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,3 +3,4 @@
50_disable-ant-clean.patch
60_fix-FTBFS-HURD.patch
70_fix-CVE-2017-13760.patch
+80_fix-CVE-2017-13756.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/sleuthkit.git