[SCM] libkdcraw packaging branch, master, updated. debian/4.8.4-1-6-g942aadd
Maximiliano Curia
maxy at alioth.debian.org
Thu Jun 20 12:13:51 UTC 2013
Gitweb-URL: http://git.debian.org/?p=pkg-kde/kde-sc/libkdcraw.git;a=commitdiff;h=51597d1
The following commit has been merged in the master branch:
commit 51597d114f734d11f445cf7202bc819d58a6a726
Author: Maximiliano Curia <maxy at debian.org>
Date: Thu Jun 20 12:35:26 2013 +0200
New patch: libkdcraw_CVE-2013-2126.diff. (Closes: #711317).
---
debian/changelog | 6 +++++
debian/patches/libkdcraw_CVE-2013-2126.diff | 32 +++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 39 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index f7a25bc..0cbf80c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+libkdcraw (4:4.8.4-2) UNRELEASED; urgency=low
+
+ * New patch: libkdcraw_CVE-2013-2126.diff. (Closes: #711317).
+
+ -- Maximiliano Curia <maxy at debian.org> Thu, 20 Jun 2013 12:22:44 +0200
+
libkdcraw (4:4.8.4-1) unstable; urgency=low
* New upstream release
diff --git a/debian/patches/libkdcraw_CVE-2013-2126.diff b/debian/patches/libkdcraw_CVE-2013-2126.diff
new file mode 100644
index 0000000..218287c
--- /dev/null
+++ b/debian/patches/libkdcraw_CVE-2013-2126.diff
@@ -0,0 +1,32 @@
+commit 3be5fad63bc9386f3378deb0c0e0e6bd12a56a93
+Author: Maximiliano Curia <maxy at debian.org>
+Date: Thu Jun 20 12:06:48 2013 +0200
+
+ CVE-2013-2126: double free, fix from: https://github.com/LibRaw/LibRaw/commit/c14ae36d28e80139b2f31b5d9d7623db3b597a3a
+
+diff --git a/libraw/src/libraw_cxx.cpp b/libraw/src/libraw_cxx.cpp
+index c2ad556..47ee7b1 100644
+--- a/libraw/src/libraw_cxx.cpp
++++ b/libraw/src/libraw_cxx.cpp
+@@ -792,8 +792,8 @@ int LibRaw::unpack(void)
+ S.iheight= S.height;
+ IO.shrink = 0;
+ // allocate image as temporary buffer, size
+- imgdata.rawdata.raw_alloc = calloc(S.iwidth*S.iheight,sizeof(*imgdata.image));
+- imgdata.image = (ushort (*)[4]) imgdata.rawdata.raw_alloc;
++ imgdata.rawdata.raw_alloc = 0;
++ imgdata.image = (ushort (*)[4]) calloc(S.iwidth*S.iheight,sizeof(*imgdata.image));
+ }
+
+
+@@ -803,8 +803,8 @@ int LibRaw::unpack(void)
+ // recover saved
+ if( decoder_info.decoder_flags & LIBRAW_DECODER_LEGACY)
+ {
+- imgdata.image = 0;
+- imgdata.rawdata.color_image = (ushort (*)[4]) imgdata.rawdata.raw_alloc;
++ imgdata.rawdata.raw_alloc = imgdata.rawdata.color_image = imgdata.image;
++ imgdata.image = 0;
+ }
+
+ // calculate channel maximum
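Review bot: In the first embedded hunk of libraw/src/libraw_cxx.cpp the `calloc` result is stored straight into `imgdata.image` with no null check visible, and the second hunk then copies that pointer into `raw_alloc` and `color_image`. Both hunks cut through `LibRaw::unpack`, so a check may exist in the lines between them; if it does not, a failed allocation for an oversized or malformed raw file would hand the decoder a null buffer, and a guard right after the `calloc` should be added. The fix also depends on an ownership rule that is not written down: only one of `image` and `raw_alloc` may hold the temporary buffer at a time, presumably because the cleanup path frees both. I would add a comment above the `raw_alloc = 0` line, such as `// temporary buffer is owned by imgdata.image until the decoder returns; raw_alloc stays 0 so cleanup frees it once`, so a later refactor does not reintroduce the alias behind CVE-2013-2126.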
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..560105e
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+libkdcraw_CVE-2013-2126.diff
--
libkdcraw packaging