summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthew Vernon <matthew@debian.org>2020-06-18 19:48:34 +0100
committerMatthew Vernon <matthew@debian.org>2020-06-18 19:48:34 +0100
commitf6543fc79655e8ebfbe2b4caf111fee87ce75596 (patch)
treeeab9eff0f0b606f7ce1bd50f17e126ded5865cba
parent1f0e4021e303206dd8cb23adae35cdbbb5ea28f3 (diff)
Commit Debian 3.0 (quilt) metadatadebian/2%8.39-13archive/debian/2%8.39-13
[dgit (8.5~bpo9+1) quilt-fixup]
-rw-r--r--debian/patches/series1
-rw-r--r--debian/patches/upstream-patch-fixing-cve-2020-14155.patch37
2 files changed, 38 insertions, 0 deletions
diff --git a/debian/patches/series b/debian/patches/series
index 6b773a6..053e837 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,3 +8,4 @@ Disable_JIT_on_sparc64.patch
CVE-2017-6004.patch
upstream-fix-for-cve-2017-7186-upstream-
patch-from-mariadb-to-fix-stack-frame-si
+upstream-patch-fixing-cve-2020-14155.patch
diff --git a/debian/patches/upstream-patch-fixing-cve-2020-14155.patch b/debian/patches/upstream-patch-fixing-cve-2020-14155.patch
new file mode 100644
index 0000000..625708d
--- /dev/null
+++ b/debian/patches/upstream-patch-fixing-cve-2020-14155.patch
@@ -0,0 +1,37 @@
+From: Matthew Vernon <matthew@debian.org>
+Date: Thu, 18 Jun 2020 19:32:51 +0100
+X-Dgit-Generated: 2:8.39-13 7b88c83f87391950756256072f886a08c44ed78f
+Subject: upstream patch fixing CVE-2020-14155
+
+This checks the size of the number after (?C as it is read, in order
+to avoid integer overflow.
+
+---
+
+--- pcre3-8.39.orig/pcre_compile.c
++++ pcre3-8.39/pcre_compile.c
+@@ -7086,17 +7086,19 @@ for (;; ptr++)
+ int n = 0;
+ ptr++;
+ while(IS_DIGIT(*ptr))
++ {
+ n = n * 10 + *ptr++ - CHAR_0;
++ if (n > 255)
++ {
++ *errorcodeptr = ERR38;
++ goto FAILED;
++ }
++ }
+ if (*ptr != CHAR_RIGHT_PARENTHESIS)
+ {
+ *errorcodeptr = ERR39;
+ goto FAILED;
+ }
+- if (n > 255)
+- {
+- *errorcodeptr = ERR38;
+- goto FAILED;
+- }
+ *code++ = n;
+ PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset */
+ PUT(code, LINK_SIZE, 0); /* Default length */