Package: release.debian.org Severity: normal Tags: jessie User: release.debian....@packages.debian.org Usertags: pu
Getting there, promise. Cheers, Julien diff -u libxvmc-1.0.8/debian/changelog libxvmc-1.0.8/debian/changelog --- libxvmc-1.0.8/debian/changelog +++ libxvmc-1.0.8/debian/changelog @@ -1,3 +1,9 @@ +libxvmc (2:1.0.8-2+deb8u1) jessie; urgency=medium + + * Avoid buffer underflow on empty strings (CVE-2016-7953) + + -- Julien Cristau <jcris...@debian.org> Sat, 07 Jan 2017 16:34:22 +0100 + libxvmc (2:1.0.8-2) unstable; urgency=low * Link libXvMCW.so against -ldl (closes: #610592) only in patch2: unchanged: --- libxvmc-1.0.8.orig/src/XvMC.c +++ libxvmc-1.0.8/src/XvMC.c @@ -587,9 +587,9 @@ if (*name && *busID && tmpBuf) { _XRead(dpy, tmpBuf, realSize); strncpy(*name,tmpBuf,rep.nameLen); - (*name)[rep.nameLen - 1] = '\0'; + (*name)[rep.nameLen == 0 ? 0 : rep.nameLen - 1] = '\0'; strncpy(*busID,tmpBuf+rep.nameLen,rep.busIDLen); - (*busID)[rep.busIDLen - 1] = '\0'; + (*busID)[rep.busIDLen == 0 ? 0 : rep.busIDLen - 1] = '\0'; XFree(tmpBuf); } else { XFree(*name);
signature.asc
Description: PGP signature