Cherry-pick upstream commit 0641e56 to fix CVE-2014-3587

debian/patches/cherry-pick.FILE5_19-18-g0641e56.CVE-2014-3587.patch

@@ -0,0 +1,24 @@
+Subject: Integer overflow in the cdf_read_property_info function allows remote attackers to cause a denial of service
+ID: CVE-2014-3587
+Author: Christos Zoulas <christos@zoulas.com>
+Date: Thu Aug 7 09:38:35 2014 +0000
+Origin:
+commit 0641e56be1af003aa02c7c6b0184466540637233
+Debian-Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
+Last-Update: 2014-09-07
+
+    Prevent wrap around (Remi Collet at redhat)
+
+--- a/src/cdf.c
++++ b/src/cdf.c
+@@ -824,6 +824,10 @@ cdf_read_property_info(const cdf_stream_
+ 		q = (const uint8_t *)(const void *)
+ 		    ((const char *)(const void *)p + ofs
+ 		    - 2 * sizeof(uint32_t));
++		if (q < p) {
++			DPRINTF(("Wrapped around %p < %p\n", q, p));
++			goto out;
++		}
+ 		if (q > e) {
+ 			DPRINTF(("Ran of the end %p > %p\n", q, e));
+ 			goto out;

debian/patches/series

@@ -9,3 +9,4 @@
 0010-mdadm.patch
 0011-btrfs.patch
 0012-lxt.patch
+cherry-pick.FILE5_19-18-g0641e56.CVE-2014-3587.patch