Dear maintainer,
Here's the diff of my NMU for libmikmod.
Cheers,
Moritz
diff -u libmikmod-3.1.11/debian/changelog libmikmod-3.1.11/debian/changelog
--- libmikmod-3.1.11/debian/changelog
+++ libmikmod-3.1.11/debian/changelog
@@ -1,3 +1,11 @@
+libmikmod (3.1.11-6.3) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Upstream fix for CVE-2009-3995 was incomplete, this was assigned
+ CVE-2010-2546. (Closes: #575742)
+
+ -- Moritz Muehlenhoff <[email protected]> Tue, 27 Jul 2010 14:57:39 -0400
+
libmikmod (3.1.11-6.2) unstable; urgency=high
* Non-maintainer upload.
only in patch2:
unchanged:
--- libmikmod-3.1.11.orig/debian/patches/CVE-2010-2546.patch
+++ libmikmod-3.1.11/debian/patches/CVE-2010-2546.patch
@@ -0,0 +1,31 @@
+--- loaders/load_it.c.orig 2010-07-22 16:02:16.000000000 +0200
++++ libmikmod-3.1.11/loaders/load_it.c.orig 2010-07-22 16:07:48.000000000 +0200
+@@ -743,6 +743,8 @@ BOOL IT_Load(BOOL curious)
+ #define IT_LoadEnvelope(name,type) \
+ ih. name##flg =_mm_read_UBYTE(modreader); \
+ ih. name##pts =_mm_read_UBYTE(modreader); \
++ if (ih. name##pts > ITENVCNT) \
++ ih. name##pts = ITENVCNT; \
+ ih. name##beg =_mm_read_UBYTE(modreader); \
+ ih. name##end =_mm_read_UBYTE(modreader); \
+ ih. name##susbeg=_mm_read_UBYTE(modreader); \
+@@ -756,6 +758,8 @@ BOOL IT_Load(BOOL curious)
+ #define IT_LoadEnvelope(name,type) \
+ ih. name/**/flg =_mm_read_UBYTE(modreader); \
+ ih. name/**/pts =_mm_read_UBYTE(modreader); \
++ if (ih. name/**/pts > ITENVCNT) \
++ ih. name/**/pts = ITENVCNT; \
+ ih. name/**/beg =_mm_read_UBYTE(modreader); \
+ ih. name/**/end =_mm_read_UBYTE(modreader); \
+ ih. name/**/susbeg=_mm_read_UBYTE(modreader); \
+@@ -862,10 +866,6 @@ BOOL IT_Load(BOOL curious)
+ #endif
+
+ IT_ProcessEnvelope(vol);
+- /* fix for CVE-2009-3995 - snatched from SuSe's fix -- AW */
+- if (ih.volpts>= ENVPOINTS)
+- ih.volpts = ENVPOINTS-1;
+-
+ for(u=0;u<ih.volpts;u++)
+ d->volenv[u].val=(ih.volnode[u]<<2);
+
