Bug#780756: libzip: diff for NMU version 0.11.2-1.2

Fri, 20 Mar 2015 13:48:49 -0700 

Control: tags 780756 + patch
Control: tags 780756 + pending

Hi Fathi,

I've prepared an NMU for libzip (versioned as 0.11.2-1.2) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore

diff -Nru libzip-0.11.2/debian/changelog libzip-0.11.2/debian/changelog
--- libzip-0.11.2/debian/changelog	2014-08-06 15:40:49.000000000 +0200
+++ libzip-0.11.2/debian/changelog	2015-03-20 20:18:20.000000000 +0100
@@ -1,3 +1,12 @@
+libzip (0.11.2-1.2) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Add CVE-2015-2331.patch patch.
+    CVE-2015-2331: ZIP integer overflow leads to writing past heap boundary.
+    (Closes: #780756)
+
+ -- Salvatore Bonaccorso <car...@debian.org>  Fri, 20 Mar 2015 20:17:45 +0100
+
 libzip (0.11.2-1.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru libzip-0.11.2/debian/patches/CVE-2015-2331.patch libzip-0.11.2/debian/patches/CVE-2015-2331.patch
--- libzip-0.11.2/debian/patches/CVE-2015-2331.patch	1970-01-01 01:00:00.000000000 +0100
+++ libzip-0.11.2/debian/patches/CVE-2015-2331.patch	2015-03-20 20:18:20.000000000 +0100
@@ -0,0 +1,18 @@
+Description: CVE-2015-2331: ZIP integer overflow
+Origin: https://github.com/php/php-src/commit/ec779124cb7279493ce1ca1088d1aaa32e82479a
+Bug-Debian: https://bugs.debian.org/780756
+Forwarded: not-needed
+Author: Salvatore Bonaccorso <car...@debian.org>
+Last-Update: 2015-03-20
+
+--- a/lib/zip_dirent.c
++++ b/lib/zip_dirent.c
+@@ -110,7 +110,7 @@ _zip_cdir_new(zip_uint64_t nentry, struc
+ 
+     if (nentry == 0)
+ 	cd->entry = NULL;
+-    else if ((cd->entry=(struct zip_entry *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) {
++    else if (nentry > ((size_t)-1)/sizeof(*(cd->entry)) || (cd->entry=(struct zip_entry *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) {
+ 	_zip_error_set(error, ZIP_ER_MEMORY, 0);
+ 	free(cd);
+ 	return NULL;
diff -Nru libzip-0.11.2/debian/patches/series libzip-0.11.2/debian/patches/series
--- libzip-0.11.2/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ libzip-0.11.2/debian/patches/series	2015-03-20 20:18:20.000000000 +0100
@@ -0,0 +1 @@
+CVE-2015-2331.patch

Attachment: signature.asc
Description: Digital signature

Reply via email to