[med-svn] [Git][med-team/libgclib][master] 2 commits: Fix CVE-2021-42006
Andreas Tille (@tille)
gitlab at salsa.debian.org
Mon Oct 18 09:03:08 BST 2021
Andreas Tille pushed to branch master at Debian Med / libgclib
Commits:
c118e9b0 by Andreas Tille at 2021-10-18T09:54:40+02:00
Fix CVE-2021-42006
- - - - -
3fabee3c by Andreas Tille at 2021-10-18T09:56:15+02:00
routine-update: Ready to upload to unstable
- - - - -
3 changed files:
- debian/changelog
- + debian/patches/CVE-2021-42006.patch
- debian/patches/series
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,9 @@
+libgclib (0.12.7+ds-2) unstable; urgency=medium
+
+ * Fix CVE-2021-42006
+
+ -- Andreas Tille <tille at debian.org> Mon, 18 Oct 2021 09:55:11 +0200
+
libgclib (0.12.7+ds-1) unstable; urgency=medium
* Fix watchfile to detect new versions on github
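Review bot: the only bullet in the new 0.12.7+ds-2 entry, "Fix CVE-2021-42006", does not say what was fixed or where the fix lives. Naming debian/patches/CVE-2021-42006.patch and the upstream issue given in the patch header (https://github.com/gpertea/gclib/issues/11) would make the entry traceable from the changelog alone. It is also worth checking that urgency=medium is the intended urgency for an upload whose sole change is a CVE fix.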
=====================================
debian/patches/CVE-2021-42006.patch
=====================================
@@ -0,0 +1,27 @@
+Description: Fix CVE-2021-42006
+Origin: https://github.com/gpertea/gclib/issues/11
+Author: Andreas Tille <tille at debian.org>
+Last-Update: Mon, 18 Oct 2021 09:52:44 +0200
+
+--- a/gff.cpp
++++ b/gff.cpp
+@@ -405,7 +405,7 @@ GffLine::GffLine(GffReader* reader, cons
+ GMALLOC(dupline, llen+1);
+ memcpy(dupline, l, llen+1);
+ skipLine=true; //clear only if we make it to the end of this function
+- char* t[9];
++ char* t[9] = {0};
+ int i=0;
+ int tidx=1;
+ t[0]=line;
+@@ -430,6 +430,10 @@ GffLine::GffLine(GffReader* reader, cons
+ track=t[1];
+ ftype=t[2];
+ info=t[8];
++ if (!info) {
++ GMessage("Warning: missing info:\n%s\n",l);
++ return;
++ }
+ char* p=t[3];
+ if (!parseUInt(p,fstart)) {
+ //chromosome_band entries in Flybase
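Review bot: the new `if (!info)` guard tests only `t[8]`, while `track=t[1]`, `ftype=t[2]` and `p=t[3]` are read from the same array, so the guard is sufficient only if the tokenizing loop (not visible in this context) always fills the slots in order. Testing the parsed field count against 9 before any `t[...]` is read would make that explicit and would not rely on the `= {0}` initializer added in the first hunk. The early `return` also comes after `GMALLOC(dupline, llen+1)`, so it is worth confirming that `dupline` is released on this path; leaving `skipLine` set to true is consistent with the existing comment.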
=====================================
debian/patches/series
=====================================
@@ -1 +1,2 @@
autoconf.patch
+CVE-2021-42006.patch
View it on GitLab: https://salsa.debian.org/med-team/libgclib/-/compare/1c69ccf274998b51bc214d75513ddad3a321be5c...3fabee3c36393dd5e5b4a6995342a4c5b43e989f