[Pkg-sdl-commits] [sdl-image1.2] 01/01: Fix CVE-2017-2887: buffer overflow in the XCF property handling.
Felix Geyer
fgeyer at moszumanska.debian.org
Wed Oct 18 20:18:24 UTC 2017
This is an automated email from the git hooks/post-receive script.
fgeyer pushed a commit to branch master
in repository sdl-image1.2.
commit 6d92a8868a3dd1168a030f9cd7196f7e4e8a2a62
Author: Felix Geyer <fgeyer at debian.org>
Date: Wed Oct 18 22:18:05 2017 +0200
Fix CVE-2017-2887: buffer overflow in the XCF property handling.
Closes: #878267
---
debian/changelog | 7 +++++++
debian/patches/CVE-2017-2887.patch | 33 +++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 41 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 0cae83c..e5d1d41 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+sdl-image1.2 (1.2.12-7) unstable; urgency=medium
+
+ * Fix CVE-2017-2887: buffer overflow in the XCF property handling.
+ (Closes: #878267)
+
+ -- Felix Geyer <fgeyer at debian.org> Wed, 18 Oct 2017 22:15:49 +0200
+
sdl-image1.2 (1.2.12-6) unstable; urgency=medium
* Bump Policy Standards-Version to 4.0.0 (no changes needed)
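Review bot: The new 1.2.12-7 entry is uploaded with urgency=medium even though its only change is a CVE fix for a buffer overflow; consider urgency=high so the fix migrates to testing faster. The entry could also name the file it adds (debian/patches/CVE-2017-2887.patch) so the changelog records how the fix was applied and not only that it was.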
diff --git a/debian/patches/CVE-2017-2887.patch b/debian/patches/CVE-2017-2887.patch
new file mode 100644
index 0000000..997f51f
--- /dev/null
+++ b/debian/patches/CVE-2017-2887.patch
@@ -0,0 +1,33 @@
+# HG changeset patch
+# User Sam Lantinga <slouken at libsdl.org>
+# Date 1507329619 25200
+# Node ID 318484db0705d07d4d1f4c0a1d3d5ea69f6ba2b0
+# Parent 7ad06019831d474380fd5a63e518d21219031519
+Fixed security vulnerability in XCF image loader (thanks Yves!)
+
+diff -r 7ad06019831d -r 318484db0705 IMG_xcf.c
+--- a/IMG_xcf.c Mon Sep 18 16:10:17 2017 -0700
++++ b/IMG_xcf.c Fri Oct 06 15:40:19 2017 -0700
+@@ -251,6 +251,7 @@
+ }
+
+ static void xcf_read_property (SDL_RWops * src, xcf_prop * prop) {
++ Uint32 len;
+ prop->id = SDL_ReadBE32 (src);
+ prop->length = SDL_ReadBE32 (src);
+
+@@ -274,7 +275,12 @@
+ break;
+ case PROP_COMPRESSION:
+ case PROP_COLOR:
+- SDL_RWread (src, &prop->data, prop->length, 1);
++ if (prop->length > sizeof(prop->data)) {
++ len = sizeof(prop->data);
++ } else {
++ len = prop->length;
++ }
++ SDL_RWread(src, &prop->data, len, 1);
+ break;
+ case PROP_VISIBLE:
+ prop->data.visible = SDL_ReadBE32 (src);
+
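Review bot: In the PROP_COMPRESSION / PROP_COLOR case, clamping len to sizeof(prop->data) stops the overflow, but when prop->length is larger than the union the remaining prop->length - len bytes are left unread in the stream. The next xcf_read_property call reads its id and length from the current position, so it would start in the middle of this property's payload and parse attacker-supplied bytes as a property header. Either skip the remainder after the read, for example SDL_RWseek(src, prop->length - len, RW_SEEK_CUR), or treat an oversized length for these fixed-size properties as a malformed file. The return value of SDL_RWread is also still ignored, so a short read leaves prop->data partly uninitialised, and because the function returns void the caller has no way to learn that the property was truncated or invalid.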
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..1552f98
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+CVE-2017-2887.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-sdl/packages/sdl-image1.2.git