author | Matthew Vernon <matthew@debian.org> | 2020-06-18 19:48:34 +0100 |
---|---|---|
committer | Matthew Vernon <matthew@debian.org> | 2020-06-18 19:48:34 +0100 |
commit | f6543fc79655e8ebfbe2b4caf111fee87ce75596 (patch) | |
tree | eab9eff0f0b606f7ce1bd50f17e126ded5865cba /debian | |
parent | 1f0e4021e303206dd8cb23adae35cdbbb5ea28f3 (diff) |
Commit Debian 3.0 (quilt) metadata debian/2%8.39-13 archive/debian/2%8.39-13
[dgit (8.5~bpo9+1) quilt-fixup]
Diffstat (limited to 'debian')
-rw-r--r-- | debian/patches/series | 1 | ||||
-rw-r--r-- | debian/patches/upstream-patch-fixing-cve-2020-14155.patch | 37 |
2 files changed, 38 insertions, 0 deletions
diff --git a/debian/patches/series b/debian/patches/series
index 6b773a6..053e837 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,3 +8,4 @@ Disable_JIT_on_sparc64.patch
 CVE-2017-6004.patch
 upstream-fix-for-cve-2017-7186-upstream-
 patch-from-mariadb-to-fix-stack-frame-si
+upstream-patch-fixing-cve-2020-14155.patch
diff --git a/debian/patches/upstream-patch-fixing-cve-2020-14155.patch b/debian/patches/upstream-patch-fixing-cve-2020-14155.patch
new file mode 100644
index 0000000..625708d
--- /dev/null
+++ b/debian/patches/upstream-patch-fixing-cve-2020-14155.patch
@@ -0,0 +1,37 @@
+From: Matthew Vernon <matthew@debian.org>
+Date: Thu, 18 Jun 2020 19:32:51 +0100
+X-Dgit-Generated: 2:8.39-13 7b88c83f87391950756256072f886a08c44ed78f
+Subject: upstream patch fixing CVE-2020-14155
+
+This checks the size of the number after (?C as it is read, in order
+to avoid integer overflow.
+
+---
+
+--- pcre3-8.39.orig/pcre_compile.c
++++ pcre3-8.39/pcre_compile.c
+@@ -7086,17 +7086,19 @@ for (;; ptr++)
+ int n = 0;
+ ptr++;
+ while(IS_DIGIT(*ptr))
++ {
+ n = n * 10 + *ptr++ - CHAR_0;
++ if (n > 255)
++ {
++ *errorcodeptr = ERR38;
++ goto FAILED;
++ }
++ }
+ if (*ptr != CHAR_RIGHT_PARENTHESIS)
+ {
+ *errorcodeptr = ERR39;
+ goto FAILED;
+ }
+- if (n > 255)
+- {
+- *errorcodeptr = ERR38;
+- goto FAILED;
+- }
+ *code++ = n;
+ PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset */
+ PUT(code, LINK_SIZE, 0); /* Default length */ |
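Review bot: The header of the new patch file calls this an upstream fix but does not say which upstream change it was taken from, so the backport to 8.39 cannot be compared against its source; an `Origin: upstream, <upstream revision or URL>` line next to `Subject:` would record that. In the C change itself, the reason the `n > 255` test has to sit inside the digit loop is easy to lose in a later refactor, and a one-line comment above `if (n > 255)` such as `/* test per digit: n stays below 2560, so n * 10 cannot overflow */` would pin it. Moving the check also means an over-long number with a missing `)` is now reported as ERR38 rather than ERR39, which looks harmless but is a visible change in error precedence. The enclosing `for (;; ptr++)` loop and the `(?C` handling start and end outside the hunk, so any use of `n` beyond `*code++ = n` is not visible here.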