[SCM] vlc/master: Fix CVE-2017-10699
mati75-guest at users.alioth.debian.org
mati75-guest at users.alioth.debian.org
Mon Jul 3 08:31:34 UTC 2017
The following commit has been merged in the master branch:
commit 4728bb3dd34d6d78a806fad41164d0f4fb0aba94
Author: Mateusz Łukasik <mati75 at linuxmint.pl>
Date: Mon Jul 3 10:30:25 2017 +0200
Fix CVE-2017-10699
diff --git a/debian/changelog b/debian/changelog
index 3c8e690..0ac1f10 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+vlc (2.2.6-3) UNRELEASED; urgency=medium
+
+ * Fix CVE-2017-10699.
+
+ -- Mateusz Łukasik <mati75 at linuxmint.pl> Mon, 03 Jul 2017 10:29:34 +0200
+
vlc (2.2.6-2) unstable; urgency=medium
* Upload to unstable.
diff --git a/debian/patches/0011-Fix-CVE-2017-10699.patch b/debian/patches/0011-Fix-CVE-2017-10699.patch
new file mode 100644
index 0000000..ed21b37
--- /dev/null
+++ b/debian/patches/0011-Fix-CVE-2017-10699.patch
@@ -0,0 +1,31 @@
+From 6cc73bcad19da2cd2e95671173f2e0d203a57e9b Mon Sep 17 00:00:00 2001
+From: Francois Cartegnie <fcvlcdev at free.fr>
+Date: Thu, 29 Jun 2017 09:45:20 +0200
+Subject: [PATCH] codec: avcodec: check avcodec visible sizes
+
+refs #18467
+---
+ modules/codec/avcodec/video.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/modules/codec/avcodec/video.c b/modules/codec/avcodec/video.c
+index 1bcad21ad2..ce5254423e 100644
+--- a/modules/codec/avcodec/video.c
++++ b/modules/codec/avcodec/video.c
+@@ -137,9 +137,11 @@ static inline picture_t *ffmpeg_NewPictBuf( decoder_t *p_dec,
+ }
+
+
+- if( width == 0 || height == 0 || width > 8192 || height > 8192 )
++ if( width == 0 || height == 0 || width > 8192 || height > 8192 ||
++ width < p_context->width || height < p_context->height )
+ {
+- msg_Err( p_dec, "Invalid frame size %dx%d.", width, height );
++ msg_Err( p_dec, "Invalid frame size %dx%d. vsz %dx%d",
++ width, height, p_context->width, p_context->height );
+ return NULL; /* invalid display size */
+ }
+ p_dec->fmt_out.video.i_width = width;
+--
+2.11.0
+
diff --git a/debian/patches/0012-Fix-CVE-2017-10699.patch b/debian/patches/0012-Fix-CVE-2017-10699.patch
new file mode 100644
index 0000000..47dd292
--- /dev/null
+++ b/debian/patches/0012-Fix-CVE-2017-10699.patch
@@ -0,0 +1,31 @@
+From a38a85db58c569cc592d9380cc07096757ef3d49 Mon Sep 17 00:00:00 2001
+From: Francois Cartegnie <fcvlcdev at free.fr>
+Date: Thu, 29 Jun 2017 11:09:02 +0200
+Subject: [PATCH] decoder: check visible size when creating buffer
+
+early reject invalid visible size
+mishandled by filters.
+
+refs #18467
+---
+ src/input/decoder.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/input/decoder.c b/src/input/decoder.c
+index 2c0823feb5..a216165272 100644
+--- a/src/input/decoder.c
++++ b/src/input/decoder.c
+@@ -2060,7 +2060,9 @@ static picture_t *vout_new_buffer( decoder_t *p_dec )
+ vout_thread_t *p_vout;
+
+ if( !p_dec->fmt_out.video.i_width ||
+- !p_dec->fmt_out.video.i_height )
++ !p_dec->fmt_out.video.i_height ||
++ p_dec->fmt_out.video.i_width < p_dec->fmt_out.video.i_visible_width ||
++ p_dec->fmt_out.video.i_height < p_dec->fmt_out.video.i_visible_height )
+ {
+ /* Can't create a new vout without display size */
+ return NULL;
+--
+2.11.0
+
diff --git a/debian/patches/series b/debian/patches/series
index e061915..37aeeee 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,3 +8,5 @@
0008-desktop-file-We-understand-gvp-and-ram-format.patch
0009-desktop-file-more-mimetypes-from-iana.org.patch
0010-MKV-support-WebVTT-subtitles-embedded.patch
+0011-Fix-CVE-2017-10699.patch
+0012-Fix-CVE-2017-10699.patch
--
VLC media player packaging
More information about the pkg-multimedia-commits
mailing list