[SCM] libgig/master: Add patch to fix CVE-2017-12954. (Closes: #877652)

mira-guest at users.alioth.debian.org
Fri Oct 13 20:40:25 UTC 2017


The following commit has been merged in the master branch:
commit b36b065b2ea5375f6a2db61ef8fafbcd17dc56b8
Author: Jaromír Mikeš <mira.mikes at seznam.cz>
Date:   Fri Oct 13 22:24:18 2017 +0200

    Add patch to fix CVE-2017-12954. (Closes: #877652)

diff --git a/debian/patches/CVE-2017-12954.patch b/debian/patches/CVE-2017-12954.patch
new file mode 100644
index 0000000..489e337
--- /dev/null
+++ b/debian/patches/CVE-2017-12954.patch
@@ -0,0 +1,17 @@
+Description: Avoid some crashes
+  https://security-tracker.debian.org/tracker/CVE-2017-12954
+  http://seclists.org/fulldisclosure/2017/Aug/39
+Author: Jaromír Mikeš <mira.mikes at seznam.cz>
+
+Index: libgig/src/gig.cpp
+===================================================================
+--- libgig.orig/src/gig.cpp
++++ libgig/src/gig.cpp
+@@ -3873,6 +3873,7 @@ namespace {
+         if ((int32_t)WavePoolTableIndex == -1) return NULL;
+         File* file = (File*) GetParent()->GetParent();
+         if (!file->pWavePoolTable) return NULL;
++	if (WavePoolTableIndex + 1 > file->WavePoolCount) return NULL;
+         unsigned long soughtoffset = file->pWavePoolTable[WavePoolTableIndex];
+         unsigned long soughtfileno = file->pWavePoolTableHi[WavePoolTableIndex];
+         Sample* sample = file->GetFirstSample(pProgress);
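Review bot: The added bounds check in the gig.cpp hunk, `if (WavePoolTableIndex + 1 > file->WavePoolCount) return NULL;`, depends on the `(int32_t)WavePoolTableIndex == -1` test above it to rule out wraparound of `WavePoolTableIndex + 1` (assuming the index is an unsigned 32-bit value, as the `int32_t` cast suggests). Writing it as `if (WavePoolTableIndex >= file->WavePoolCount) return NULL;` states the same condition without relying on that ordering. The new line is indented with a tab where the surrounding lines use spaces. The same index is then used on `file->pWavePoolTableHi`, which, unlike `pWavePoolTable`, is not null-checked in the visible lines. The patch header's Description, "Avoid some crashes", would serve later readers better if it said that the change bounds-checks the wave pool table index before the table lookups.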

-- 
libgig packaging


