[Python-modules-commits] r31858 - in packages/matplotlib/trunk/debian (3 files)

morph at users.alioth.debian.org morph at users.alioth.debian.org
Thu Feb 12 23:56:36 UTC 2015


    Date: Thursday, February 12, 2015 @ 23:56:35
  Author: morph
Revision: 31858

* debian/patches/CVE-2013-1424.patch
  - fix a buffer overrun in mplutils Printf(), addressing CVE-2013-1424;
    thanks to Matt Giuca for the patch; Closes: #775691

Added:
  packages/matplotlib/trunk/debian/patches/CVE-2013-1424.patch
Modified:
  packages/matplotlib/trunk/debian/changelog
  packages/matplotlib/trunk/debian/patches/series

Modified: packages/matplotlib/trunk/debian/changelog
===================================================================
--- packages/matplotlib/trunk/debian/changelog	2015-02-12 23:41:10 UTC (rev 31857)
+++ packages/matplotlib/trunk/debian/changelog	2015-02-12 23:56:35 UTC (rev 31858)
@@ -10,8 +10,11 @@
       Taylor for the report and the work on Debian PyCXX side: Closes: #613818
   * debian/watch
     - download tarball from GitHub
+  * debian/patches/CVE-2013-1424.patch
+    - fix a buffer overrun in mplutils Printf(), addressing CVE-2013-1424;
+      thanks to Matt Giuca for the patch; Closes: #775691
 
- -- Sandro Tosi <morph at debian.org>  Thu, 12 Feb 2015 20:53:06 +0000
+ -- Sandro Tosi <morph at debian.org>  Thu, 12 Feb 2015 23:50:30 +0000
 
 matplotlib (1.4.2-3) unstable; urgency=medium
 

Added: packages/matplotlib/trunk/debian/patches/CVE-2013-1424.patch
===================================================================
--- packages/matplotlib/trunk/debian/patches/CVE-2013-1424.patch	                        (rev 0)
+++ packages/matplotlib/trunk/debian/patches/CVE-2013-1424.patch	2015-02-12 23:56:35 UTC (rev 31858)
@@ -0,0 +1,14 @@
+--- a/src/mplutils.cpp
++++ b/src/mplutils.cpp
+@@ -18,7 +18,10 @@ Printf::Printf(const char *fmt, ...)
+ {
+     va_list ap;
+     va_start(ap, fmt);
+-    vsprintf(buffer, fmt, ap);
++    vsnprintf(buffer, 1024, fmt, ap);
++    // Null-terminate the string. Non-standard C implementations (e.g.,
++    // Microsoft Visual C++) do not do this automatically.
++    buffer[1023] = '\0';
+     va_end(ap);  // look ma - I rememberd it this time
+ }
+ 
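Review bot: the new patch file has no DEP-3 header; the hunk starts straight at `+--- a/src/mplutils.cpp`, so a reader of the Debian source cannot see where the fix comes from. Add at least `Description:`, `Origin:`/`Author: Matt Giuca`, `Bug-Debian: http://bugs.debian.org/775691` and a `Forwarded:` line, so the CVE-2013-1424 reference in debian/changelog is backed by the patch itself. Two smaller points on the code: `vsnprintf(buffer, 1024, fmt, ap)` hard-codes the size, as does `buffer[1023] = '\0'`; if `buffer` is a fixed-size array the idiomatic form is `vsnprintf(buffer, sizeof(buffer), fmt, ap); buffer[sizeof(buffer) - 1] = '\0';`, which keeps the bound and the terminator tied to the declaration instead of to two literals that must stay in sync with a header not visible in this hunk. The explicit terminator is still worth keeping, since the older Microsoft `vsnprintf` does not write the NUL on truncation, so the comment is accurate; note, though, that the fix turns an overrun into silent truncation of the formatted message, which is the intended trade-off for a buffer overrun fix but is not stated in the changelog entry.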

Modified: packages/matplotlib/trunk/debian/patches/series
===================================================================
--- packages/matplotlib/trunk/debian/patches/series	2015-02-12 23:41:10 UTC (rev 31857)
+++ packages/matplotlib/trunk/debian/patches/series	2015-02-12 23:56:35 UTC (rev 31858)
@@ -7,3 +7,4 @@
 #gtk3agg_check_no-multiprocessing.patch
 gtk3cairo_check_no-multiprocessing.patch
 bts613818_use_system_pycxx.patch
+CVE-2013-1424.patch
