[SCM] libmms/master: Apply upstream patch for CVE-2014-2892

sramacher at users.alioth.debian.org sramacher at users.alioth.debian.org
Fri Apr 25 13:46:57 UTC 2014


The following commit has been merged in the master branch:
commit 11b9757965780a9c14d084f571f108fc6dcdf832
Author: Sebastian Ramacher <sramacher at debian.org>
Date:   Fri Apr 25 15:33:29 2014 +0200

    Apply upstream patch for CVE-2014-2892

diff --git a/debian/patches/0002-CVE-2014-2892.patch b/debian/patches/0002-CVE-2014-2892.patch
new file mode 100644
index 0000000..e05b526
--- /dev/null
+++ b/debian/patches/0002-CVE-2014-2892.patch
@@ -0,0 +1,22 @@
+Description: Fix heap based buffer overrun
+Bug-Debian: https://bugs.debian.org/745301
+Origin: upstream,
+ http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8
+Last-Update: 2014-04-25
+
+diff --git a/src/mmsh.c b/src/mmsh.c
+index f7cee4a..bca7fb8 100644
+--- a/src/mmsh.c
++++ b/src/mmsh.c
+@@ -307,7 +307,10 @@ static int get_answer (mms_io_t *io, mmsh_t *this) {
+         len = 0;
+       }
+     } else {
+-      len ++;
++      if (++len >= sizeof(this->buf)) {
++        lprintf("answer too large\n");
++        return 0;
++      }
+     }
+   }
+   if (this->stream_type == MMSH_UNKNOWN) {
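Review bot: The new guard `++len >= sizeof(this->buf)` compares `len` against a `size_t`; if `len` is declared as a signed `int` (its declaration is outside the hunk), the comparison relies on an implicit conversion and will trip `-Wsign-compare`. Writing it as `if ((size_t)++len >= sizeof(this->buf)) {` makes the intent explicit. The check also deserves a short comment at the site, for example `/* response line does not fit in this->buf: reject it instead of writing past the end */`, because nothing next to the code ties it to the overrun named in the patch description. get_answer begins and continues outside the hunk, so the ordering of this increment against the write that uses `len` as an index, and how callers treat the `return 0`, cannot be confirmed from the lines shown.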
diff --git a/debian/patches/series b/debian/patches/series
index d6f0074..a591243 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 0001-Fixup-bswap.h-macros.patch
+0002-CVE-2014-2892.patch

-- 
libmms packaging


