guix-commits
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

02/02: gnu: libmwaw: Fix CVE-2017-9433.

From: Leo Famulari
Subject: 02/02: gnu: libmwaw: Fix CVE-2017-9433.
Date: Mon, 12 Jun 2017 01:20:57 -0400 (EDT) 
lfam pushed a commit to branch master
in repository guix.

commit 34a0984e57e549ba441997dce474140ef85b5a43
Author: Leo Famulari <address@hidden>
Date:   Sun Jun 11 22:18:53 2017 -0400

    gnu: libmwaw: Fix CVE-2017-9433.
    
    * gnu/packages/patches/libmwaw-CVE-2017-9433.patch: New file.
    * gnu/local.mk (dist_patch_DATA): Add it.
    * gnu/packages/libreoffice.scm (libmwaw)[source]: Use it.
---
 gnu/local.mk                                     |  1 +
 gnu/packages/libreoffice.scm                     |  1 +
 gnu/packages/patches/libmwaw-CVE-2017-9433.patch | 33 ++++++++++++++++++++++++
 3 files changed, 35 insertions(+)

diff --git a/gnu/local.mk b/gnu/local.mk
index 128cca8..c2a7ba7 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -742,6 +742,7 @@ dist_patch_DATA =                                           
\
   %D%/packages/patches/libmad-armv7-thumb-pt2.patch            \
   %D%/packages/patches/libmad-frame-length.patch               \
   %D%/packages/patches/libmad-mips-newgcc.patch                        \
+  %D%/packages/patches/libmwaw-CVE-2017-9433.patch             \
   %D%/packages/patches/libsndfile-armhf-type-checks.patch      \
   %D%/packages/patches/libsndfile-CVE-2017-8361-8363-8365.patch        \
   %D%/packages/patches/libsndfile-CVE-2017-8362.patch          \
diff --git a/gnu/packages/libreoffice.scm b/gnu/packages/libreoffice.scm
index afaf800..809e28e 100644
--- a/gnu/packages/libreoffice.scm
+++ b/gnu/packages/libreoffice.scm
@@ -590,6 +590,7 @@ text documents, vector drawings, presentations and 
spreadsheets.")
       (method url-fetch)
       (uri (string-append "mirror://sourceforge/" name "/" name "/" name "-"
                           version "/" name "-" version ".tar.xz"))
+      (patches (search-patches "libmwaw-CVE-2017-9433.patch"))
       (sha256 (base32
                "16i9s9p4sjpdpbm3gq6jkc9r3nyfy47ggkdlgh7vr0mydccklj2b"))))
     (build-system gnu-build-system)
diff --git a/gnu/packages/patches/libmwaw-CVE-2017-9433.patch 
b/gnu/packages/patches/libmwaw-CVE-2017-9433.patch
new file mode 100644
index 0000000..502a11d
--- /dev/null
+++ b/gnu/packages/patches/libmwaw-CVE-2017-9433.patch
@@ -0,0 +1,33 @@
+Fix CVE-2017-9433:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9433
+
+Patch copied from upstream source repository:
+
+https://sourceforge.net/p/libmwaw/libmwaw/ci/68b3b74569881248bfb6cbb4266177cc253b292f
+
+From 68b3b74569881248bfb6cbb4266177cc253b292f Mon Sep 17 00:00:00 2001
+From: David Tardon <address@hidden>
+Date: Sat, 8 Apr 2017 14:03:29 +0200
+Subject: [PATCH] ofz#1037 resize vector correctly
+
+---
+ src/lib/MsWrd1Parser.cxx | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lib/MsWrd1Parser.cxx b/src/lib/MsWrd1Parser.cxx
+index 63547e6..3626064 100644
+--- a/src/lib/MsWrd1Parser.cxx
++++ b/src/lib/MsWrd1Parser.cxx
+@@ -902,7 +902,7 @@ bool MsWrd1Parser::readFootnoteCorrespondance(MWAWVec2i 
limits)
+     int id = fIt++->second;
+     fPos[1] = fIt==footnoteMap.end() ? m_state->m_eot : fIt->first;
+     if (id >= int(m_state->m_footnotesList.size()))
+-      m_state->m_footnotesList.resize(size_t(id),MWAWVec2l(0,0));
++      m_state->m_footnotesList.resize(size_t(id)+1,MWAWVec2l(0,0));
+     m_state->m_footnotesList[size_t(id)]=fPos;
+   }
+   ascii().addDelimiter(input->tell(),'|');
+-- 
+2.13.1
+
reply via email to
[Prev in Thread] Current Thread [Next in Thread]