Fix CVE-2015-8865

Christoph Biedl 9 years ago
parent
commit
53163f7729
2 changed files with 25 additions and 0 deletions
  1. debian/patches/CVE-2015-8865.6713ca4.patch (24 additions, 0 deletions)
  2. debian/patches/series (1 addition, 0 deletions)

+ 24 - 0
debian/patches/CVE-2015-8865.6713ca4.patch

@@ -0,0 +1,24 @@
+Subject: Buffer over-write in finfo_open with malformed magic file
+ID: CVE-2015-8865
+Upstream-Author: Christos Zoulas <christos@zoulas.com>
+Author: Christos Zoulas <christos@zoulas.com>
+Date: Wed Jun 3 18:01:20 2015 +0000
+Origin: FILE5_22-75-g6713ca4
+Origin: https://bugs.php.net/bug.php?id=71527 (Original bug report)
+Origin: http://bugs.gw.com/view.php?id=522 (bug report for file)
+
+    [ Original description: ]
+    PR/454: Fix memory corruption when the continuation level jumps by more than
+    20 in a single step.
+
+--- a/src/funcs.c
++++ b/src/funcs.c
+@@ -401,7 +401,7 @@
+ 	size_t len;
+ 
+ 	if (level >= ms->c.len) {
+-		len = (ms->c.len += 20) * sizeof(*ms->c.li);
++		len = (ms->c.len = 20 + level) * sizeof(*ms->c.li);
+ 		ms->c.li = CAST(struct level_info *, (ms->c.li == NULL) ?
+ 		    malloc(len) :
+ 		    realloc(ms->c.li, len));
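Review bot: In the src/funcs.c change, `ms->c.len = 20 + level` stores the new capacity before the malloc/realloc result is known, and the realloc return value is written straight into `ms->c.li`. Unless the lines following this context reset both on failure, a failed allocation leaves c.len claiming the larger size with the old buffer pointer lost, and a later call with a smaller level would skip the growth branch. Consider computing the new count in a local, allocating into a temporary, and updating `ms->c.len` and `ms->c.li` only on success. The sum `20 + level` and its product with `sizeof(*ms->c.li)` are also unchecked in the visible lines, so an explicit upper bound on level would complete the sizing argument. On the patch header: `ID:` and `Upstream-Author:` are not DEP-3 fields, and the two bug report URLs would conventionally go in `Bug:` fields rather than repeated `Origin:` lines.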

+ 1 - 0
debian/patches/series

@@ -12,3 +12,4 @@
 0013-jpeg.c5d7f4d.patch
 cherry-pick.FILE5_24-22-g27b4e34.parameter-1.patch
 cherry-pick.FILE5_24-23-g4ddb783.parameter-2.patch
+CVE-2015-8865.6713ca4.patch
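Review bot: The commit changes only the patch file and this series entry, so the CVE fix has no debian/changelog record here; add an entry naming CVE-2015-8865 unless it lands in a follow-up commit. The new file name also drops the upstream tag that the two cherry-pick entries above carry; including the `FILE5_22-75-g6713ca4` string from the patch header's Origin line would keep the series consistent and self-describing.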