[SCM] vlc/wheezy: Fix CVE-2016-5108. (Closes: #825728)
mati75-guest at users.alioth.debian.org
Thu Jun 2 20:33:31 UTC 2016
The following commit has been merged in the wheezy branch:
commit db56071a7b0e1d518ff55e0378a1ba50bbe33b2b
Author: Mateusz Łukasik <mati75 at linuxmint.pl>
Date: Thu Jun 2 22:34:36 2016 +0200
Fix CVE-2016-5108. (Closes: #825728)
diff --git a/debian/changelog b/debian/changelog
index 89e9d73..bd73256 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+vlc (2.0.3-5+deb7u3) wheezy-security; urgency=high
+
+ * Fix CVE-2016-5108. (Closes: #825728)
+
+ -- Mateusz Łukasik <mati75 at linuxmint.pl> Thu, 02 Jun 2016 21:40:24 +0200
+
vlc (2.0.3-5+deb7u2) wheezy-security; urgency=high
* Fix multiple vulnerabilities (Closes: #775866):
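Review bot: the changelog entry `+ * Fix CVE-2016-5108. (Closes: #825728)` names only the CVE number; a Debian security upload normally also states in one line what was fixed, e.g. `* Fix CVE-2016-5108: out of bound write in the QuickTime IMA ADPCM decoder (adpcm-reject-invalid-QuickTime-IMA-files.patch). (Closes: #825728)`, so that readers of the changelog do not have to look the CVE up to learn which decoder was affected.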
diff --git a/debian/patches/adpcm-reject-invalid-QuickTime-IMA-files.patch b/debian/patches/adpcm-reject-invalid-QuickTime-IMA-files.patch
new file mode 100644
index 0000000..a4bf1e9
--- /dev/null
+++ b/debian/patches/adpcm-reject-invalid-QuickTime-IMA-files.patch
@@ -0,0 +1,37 @@
+From c2d2c3698e47402ec36ecc6c8a85781dbd88b6a9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Rafa=C3=ABl=20Carr=C3=A9?= <funman at videolan.org>
+Date: Wed, 25 May 2016 10:00:25 +0200
+Subject: [PATCH 01/17] adpcm: reject invalid QuickTime IMA files
+
+DecodeAdpcmImaQT() can only decode up to stereo files.
+Fix out of bound write.
+
+Reported by: Patrick Coleman <blinken at gmail.com>
+
+Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>
+(cherry picked from commit 458ed62bbeb9d1bddf7b8df104e14936408a3db9)
+Signed-off-by: Jean-Baptiste Kempf <jb at videolan.org>
+---
+ modules/codec/adpcm.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/modules/codec/adpcm.c b/modules/codec/adpcm.c
+index e655c45..0071077 100644
+--- a/modules/codec/adpcm.c
++++ b/modules/codec/adpcm.c
+@@ -174,6 +174,12 @@ static int OpenDecoder( vlc_object_t *p_this )
+ switch( p_dec->fmt_in.i_codec )
+ {
+ case VLC_FOURCC('i','m','a', '4'): /* IMA ADPCM */
++ if (p_dec->fmt_in.audio.i_channels > 2) {
++ free(p_sys);
++ msg_Err(p_dec, "Invalid number of channels %i",
++ p_dec->fmt_in.audio.i_channels );
++ return VLC_EGENERIC;
++ }
+ p_sys->codec = ADPCM_IMA_QT;
+ break;
+ case VLC_CODEC_ADPCM_IMA_WAV: /* IMA ADPCM */
+--
+2.8.1
+
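Review bot: the added channel check in the `ima4` case, `if (p_dec->fmt_in.audio.i_channels > 2)`, carries no comment saying why the limit is 2; the reason given in the patch description (DecodeAdpcmImaQT() only decodes mono and stereo) should sit next to the code as well, either as a one-line comment above the check or by having the message state the accepted range, e.g. `msg_Err(p_dec, "Invalid number of channels %i (expected 1 or 2)", ...)`. The rest of the block looks right: the check runs before `p_sys->codec = ADPCM_IMA_QT;` so the decoder is never opened with an unsupported layout, and the `free(p_sys)` before `return VLC_EGENERIC;` releases the context that the surrounding OpenDecoder() has evidently already allocated at this point.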
diff --git a/debian/patches/series b/debian/patches/series
index 39731d8..06da465 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,3 +10,4 @@ codec-schroedinger-fix-potential-buffer-overflow.patch
codec-dirac-fix-potential-buffer-overflow.patch
demux-mp4-fix-buffer-overflow-in-parsing-of-string-b.patch
stream_out-rtp-don-t-use-VLA-for-user-controlled-dat.patch
+adpcm-reject-invalid-QuickTime-IMA-files.patch