[libstaroffice] 01/01: fix CVE-2017-9432

[Rene Engelhard]

This is an automated email from the git hooks/post-receive script.

rene pushed a commit to branch master
in repository libstaroffice.

commit 6acc8f6a5e5d8d3a6699a5625de292a33b6c5148
Author: Rene Engelhard <rene at rene-engelhard.de>
Date:   Mon Jun 5 11:58:13 2017 +0200

    fix CVE-2017-9432
---
 debian/changelog                  |  6 ++++++
 debian/patches/CVE-2017-9432.diff | 13 +++++++++++++
 debian/patches/series             |  1 +
 3 files changed, 20 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index e9f2243..c71ecc7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+libstaroffice (0.0.3-3) unstable; urgency=medium
+
+  * backport upstream patch to fix CVE-2017-9432 (closes: #864207)
+
+ -- Rene Engelhard <rene at debian.org>  Mon, 05 Jun 2017 11:53:29 +0200
+
 libstaroffice (0.0.3-2) unstable; urgency=medium
 
   * upload to unstable
diff --git a/debian/patches/CVE-2017-9432.diff b/debian/patches/CVE-2017-9432.diff
new file mode 100644
index 0000000..4a14bef
--- /dev/null
+++ b/debian/patches/CVE-2017-9432.diff
@@ -0,0 +1,13 @@
+diff --git a/src/lib/StarWriterStruct.cxx b/src/lib/StarWriterStruct.cxx
+index 5893302..d1ad366 100644
+--- a/src/lib/StarWriterStruct.cxx
++++ b/src/lib/StarWriterStruct.cxx
+@@ -327,7 +327,7 @@ bool DatabaseName::read(StarZone &zone)
+         }
+         data.m_name=libstoff::getString(text);
+         int positions[2];
+-        for (int j=0; j<2; ++j) positions[i]=int(input->readULong(4));
++        for (int j=0; j<2; ++j) positions[j]=int(input->readULong(4));
+         data.m_selection=STOFFVec2i(positions[0],positions[1]);
+         m_dataList.push_back(data);
+       }
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..297dd33
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+CVE-2017-9432.diff

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-openoffice/libstaroffice.git