[Forensics-changes] [sleuthkit] 03/04: Fix CVE-2017-13755
Joao Eriberto Mota Filho
eriberto at moszumanska.debian.org
Mon Sep 18 22:55:19 UTC 2017
This is an automated email from the git hooks/post-receive script.
eriberto pushed a commit to branch debian
in repository sleuthkit.
commit 089ea151bb468173233167ee36b8ba91476080a5
Author: Joao Eriberto Mota Filho <eriberto at debian.org>
Date: Mon Sep 18 19:35:49 2017 -0300
Fix CVE-2017-13755
---
debian/patches/90_fix-CVE-2017-13755.patch | 22 ++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 23 insertions(+)
diff --git a/debian/patches/90_fix-CVE-2017-13755.patch b/debian/patches/90_fix-CVE-2017-13755.patch
new file mode 100644
index 0000000..7f0652e
--- /dev/null
+++ b/debian/patches/90_fix-CVE-2017-13755.patch
@@ -0,0 +1,22 @@
+Description: fix CVE-2017-13755. (Closes: #873726)
+Author: Brian Carrier <carrier at sleuthkit.org>
+Bug: https://github.com/sleuthkit/sleuthkit/issues/913
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873726
+Last-Update: 2017-09-14
+Index: sleuthkit/tsk/fs/iso9660_dent.c
+===================================================================
+--- sleuthkit.orig/tsk/fs/iso9660_dent.c
++++ sleuthkit/tsk/fs/iso9660_dent.c
+@@ -98,6 +98,12 @@ iso9660_proc_dir(TSK_FS_INFO * a_fs, TSK
+ iso9660_inode_node *in;
+ TSK_OFF_T dir_offs = a_dir_addr * a_fs->block_size;
+
++ // had an issue once where dir was too small
++ // many later calculations assume we can fit at least one entry
++ if (a_length < sizeof(iso9660_dentry)) {
++ return TSK_OK;
++ }
++
+ if ((fs_name = tsk_fs_name_alloc(ISO9660_MAXNAMLEN + 1, 0)) == NULL)
+ return TSK_ERR;
+
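Review bot: The new guard in iso9660_proc_dir returns TSK_OK when a_length < sizeof(iso9660_dentry), so a truncated or corrupt directory is reported as a successfully processed empty one and nothing tells the examiner that it was skipped. Consider returning an error status here, as the tsk_fs_name_alloc failure path just below does with TSK_ERR, or at least emitting a diagnostic before the return. The comment "had an issue once where dir was too small" would be more useful if it named the failure it prevents, for example by pointing at the upstream issue already listed in the Bug field. Since the Author field names the upstream maintainer, the patch header should also carry an Origin or Forwarded field to record where the change came from.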
diff --git a/debian/patches/series b/debian/patches/series
index d16a90c..46aa1e7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,3 +4,4 @@
60_fix-FTBFS-HURD.patch
70_fix-CVE-2017-13760.patch
80_fix-CVE-2017-13756.patch
+90_fix-CVE-2017-13755.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/sleuthkit.git