Import Debian version 5.11-2+deb7u6

debian/patches/CVE-2014-3710.patch

@@ -0,0 +1,26 @@
+From 39c7ac1106be844a5296d3eb5971946cc09ffda0 Mon Sep 17 00:00:00 2001
+From: Christos Zoulas <christos@zoulas.com>
+Date: Fri, 17 Oct 2014 15:49:00 +0000
+Subject: [PATCH] Fix note bounds reading, Francisco Alonso / Red Hat
+
+diff --git a/src/readelf.c b/src/readelf.c
+index 08f81f5..9ebdebd 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -477,6 +477,13 @@ donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size,
+ 	uint32_t namesz, descsz;
+ 	unsigned char *nbuf = CAST(unsigned char *, vbuf);
+ 
++	if (xnh_sizeof + offset > size) {
++		/*
++		 * We're out of note headers.
++		 */
++		return xnh_sizeof + offset;
++	}
++
+ 	(void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof);
+ 	offset += xnh_sizeof;
+ 
+-- 
+1.7.10.4
+

debian/patches/series

@@ -14,3 +14,4 @@ CVE-2014-3480.patch
 CVE-2014-3487.patch
 CVE-2014-3538.patch
 CVE-2014-3587.patch
+CVE-2014-3710.patch