Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package indent for openSUSE:Factory checked in at 2024-02-20 21:13:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/indent (Old)
 and      /work/SRC/openSUSE:Factory/.indent.new.1706 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "indent"

Tue Feb 20 21:13:14 2024 rev:25 rq:1147530 version:2.2.13

Changes:
--------
--- /work/SRC/openSUSE:Factory/indent/indent.changes    2023-08-23 
14:59:05.990149501 +0200
+++ /work/SRC/openSUSE:Factory/.indent.new.1706/indent.changes  2024-02-20 
21:13:15.599467100 +0100
@@ -1,0 +2,8 @@
+Fri Feb 16 09:57:02 UTC 2024 - pgaj...@suse.com
+
+- security update
+- added patches
+  fix CVE-2024-0911 [bsc#1219210], heap-based buffer overflow in 
set_buf_break()
+  + indent-CVE-2024-0911.patch
+
+-------------------------------------------------------------------

New:
----
  indent-CVE-2024-0911.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ indent.spec ++++++
--- /var/tmp/diff_new_pack.9uL2vZ/_old  2024-02-20 21:13:16.187488438 +0100
+++ /var/tmp/diff_new_pack.9uL2vZ/_new  2024-02-20 21:13:16.187488438 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package indent
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -29,6 +29,8 @@
 # PATCH-FIX-SECURITY fix-out-of-buffer-read-CVE-2023-40305.patch 
fix-heap-buffer-overwrite-search_brace-CVE-2023-40305 bsc#1214243 
CVE-2023-40305 antonio.teixe...@suse.com -- indent: heap-based buffer overflow 
in search_brace() in indent.c via a crafted file
 Patch0:         fix-out-of-buffer-read-CVE-2023-40305.patch
 Patch1:         fix-heap-buffer-overwrite-search_brace-CVE-2023-40305.patch
+# CVE-2024-0911 [bsc#1219210], heap-based buffer overflow in set_buf_break()
+Patch2:         indent-CVE-2024-0911.patch
 BuildRequires:  makeinfo
 BuildRequires:  texi2html
 
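Review bot: the comment added above Patch2 does not follow the PATCH-FIX-SECURITY tagging convention that the preceding comment line for Patch0/Patch1 already uses; suggest `# PATCH-FIX-SECURITY indent-CVE-2024-0911.patch bsc#1219210 CVE-2024-0911 -- indent: heap-based buffer overflow in set_buf_break()` so the file stays consistent. This hunk only declares the patch and does not show %prep, so confirm the package applies every Patch line there (e.g. %autosetup -p1 or an explicit %patch2 -p1); a declared but unapplied patch would leave the CVE fix out of the built binary.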


++++++ indent-CVE-2024-0911.patch ++++++
diff --git a/src/output.c b/src/output.c
index ee01bcc..17eee6e 100644
--- a/src/output.c
+++ b/src/output.c
@@ -290,7 +290,7 @@ void set_buf_break (
     /* Did we just parse a bracket that will be put on the next line
      * by this line break? */
 
-    if ((*token == '(') || (*token == '['))
+    if (level > 0 && ((*token == '(') || (*token == '[')))
     {
         --level;                        /* then don't take it into account */
     }
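Review bot: the new `level > 0` guard stops `--level` from pushing `level` below zero when a '(' or '[' is the current token at level 0, which is the underflow behind the set_buf_break() overflow named in the changelog; however the condition silently skips the adjustment instead of surfacing the inconsistent state, so consider logging or asserting (in debug builds) when this branch is reached with level == 0 so a future regression in the bracket accounting is visible rather than masked. This single hunk is the whole patch and nothing exercises the corrected path, so adding a minimal input that reproduces bsc#1219210 as a regression test in the package would be worthwhile.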
-- 
2.43.0
