
Import Debian version 5.11-2+deb7u9

Markus Koschany 9 years ago
commit 739a1622f1
2 changed files with 28 additions and 0 deletions
  1. debian/patches/CVE-2015-8865.patch (27 additions, 0 deletions)
  2. debian/patches/series (1 addition, 0 deletions)

+ 27 - 0
debian/patches/CVE-2015-8865.patch

@@ -0,0 +1,27 @@
+From: Markus Koschany <apo@debian.org>
+Date: Sat, 7 May 2016 15:13:04 +0200
+Subject: CVE-2015-8865
+
+A malformed magic file can trigger a segmentation fault due to a buffer
+over-write in the file_check_mem function.
+
+Origin: https://bugs.php.net/bug.php?id=71527 (Original bug report)
+Origin: http://bugs.gw.com/view.php?id=522 (bug report for file)
+Origin: https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36 (patch)
+---
+ src/funcs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/funcs.c b/src/funcs.c
+index e7d2bb8..0ed90ef 100644
+--- a/src/funcs.c
++++ b/src/funcs.c
+@@ -410,7 +410,7 @@ file_check_mem(struct magic_set *ms, unsigned int level)
+ 	size_t len;
+ 
+ 	if (level >= ms->c.len) {
+-		len = (ms->c.len += 20) * sizeof(*ms->c.li);
++		len = (ms->c.len = 20 + level) * sizeof(*ms->c.li);
+ 		ms->c.li = CAST(struct level_info *, (ms->c.li == NULL) ?
+ 		    malloc(len) :
+ 		    realloc(ms->c.li, len));
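
Review bot: In the embedded src/funcs.c hunk, the new line `len = (ms->c.len = 20 + level) * sizeof(*ms->c.li);` writes the larger capacity into ms->c.len before malloc/realloc has returned, and the allocator result is stored straight into ms->c.li. If the allocation fails, the previous buffer pointer is overwritten and ms->c.len describes storage that was never obtained. Suggest computing the new count into a local, assigning the allocator result to a temporary, and updating ms->c.len and ms->c.li only on success. The addition `20 + level` is also done on an unsigned int `level` with no upper bound visible in this hunk, so a range check before the addition would rule out wraparound. In the patch header, the two bug-tracker URLs are tagged Origin:; DEP-3 reserves Origin: for where the patch came from and uses Bug: (or Bug-<Vendor>:) for bug reports, so only the upstream commit URL should stay as Origin:.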

+ 1 - 0
debian/patches/series

@@ -41,3 +41,4 @@ TEMP-0000000-E110B2.65437ce.patch
 
 CVE-2014-9653.1.4c948c0.patch
 CVE-2014-9653.2.445c8fb.patch
+CVE-2015-8865.patch
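
Review bot: The new entry `CVE-2015-8865.patch` does not follow the naming used by the entries just above it, which carry a sequence number and an abbreviated upstream commit id (`CVE-2014-9653.1.4c948c0.patch`, `CVE-2014-9653.2.445c8fb.patch`). The patch header already cites upstream commit 6713ca45e7757297381f4b4cdb9cf5e624a9ad36, so a name such as CVE-2015-8865.6713ca4.patch would keep the series consistent and let a reader map the entry to the upstream fix without opening the file.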