diff -Nru bchunk-1.2.0/debian/changelog bchunk-1.2.0/debian/changelog --- bchunk-1.2.0/debian/changelog 2012-03-27 06:44:45.000000000 +0000 +++ bchunk-1.2.0/debian/changelog 2017-11-13 14:05:57.000000000 +0000 @@ -1,3 +1,19 @@ +bchunk (1.2.0-12+deb8u1build0.16.04.1) xenial-security; urgency=medium + + * fake sync from Debian + + -- Marc Deslauriers Mon, 13 Nov 2017 09:05:57 -0500 + +bchunk (1.2.0-12+deb8u1) jessie-security; urgency=high + + * Non-maintainer upload. + * Fix CVE-2017-15953, CVE-2017-15954 and CVE-2017-15955. + bchunk was vulnerable to a heap-based buffer overflow with an resultant + invalid free when processing a malformed CUE (.cue) file that may lead to + the execution of arbitrary code or a application crash. (Closes: #880116) + + -- Markus Koschany Wed, 08 Nov 2017 19:41:33 +0100 + bchunk (1.2.0-12) unstable; urgency=low * New maintainer. (Closes: #540585) diff -Nru bchunk-1.2.0/debian/patches/CVE-2017-15953.patch bchunk-1.2.0/debian/patches/CVE-2017-15953.patch --- bchunk-1.2.0/debian/patches/CVE-2017-15953.patch 1970-01-01 00:00:00.000000000 +0000 +++ bchunk-1.2.0/debian/patches/CVE-2017-15953.patch 2017-11-08 18:41:33.000000000 +0000 @@ -0,0 +1,36 @@ +From: Markus Koschany +Date: Thu, 2 Nov 2017 15:52:01 +0100 +Subject: CVE-2017-15953 + +Bug-Debian: https://bugs.debian.org/880116 +Origin: https://github.com/rydnr/nixpkgs/blob/5643fd19cf46ae516c69b625cd09f5a6a8774b6f/pkgs/tools/cd-dvd/bchunk/CVE-2017-15953.patch +--- + bchunk.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/bchunk.c b/bchunk.c +index 48c694b..733cfd1 100644 +--- a/bchunk.c ++++ b/bchunk.c +@@ -18,6 +18,7 @@ + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + ++#define _GNU_SOURCE + #include + #include + #include +@@ -271,11 +272,10 @@ int writetrack(FILE *bf, struct track_t *track, char *bname) + int16_t i; + float fl; + +- if (!(fname = malloc(strlen(bname) + 8))) { +- fprintf(stderr, "main(): malloc() failed, out of memory\n"); ++ if (asprintf(&fname, "%s%2.2d.%s", bname, track->num, track->extension) == -1) { ++ fprintf(stderr, "writetrack(): asprintf() failed, out of memory\n"); + exit(4); + } +- sprintf(fname, "%s%2.2d.%s", bname, track->num, track->extension); + + printf("%2d: %s ", track->num, fname); + diff -Nru bchunk-1.2.0/debian/patches/CVE-2017-15955.patch bchunk-1.2.0/debian/patches/CVE-2017-15955.patch --- bchunk-1.2.0/debian/patches/CVE-2017-15955.patch 1970-01-01 00:00:00.000000000 +0000 +++ bchunk-1.2.0/debian/patches/CVE-2017-15955.patch 2017-11-08 18:41:33.000000000 +0000 @@ -0,0 +1,44 @@ +From: Markus Koschany +Date: Thu, 2 Nov 2017 15:54:51 +0100 +Subject: CVE-2017-15955 + +Bug-Debian: https://bugs.debian.org/880116 +Origin: https://github.com/rydnr/nixpkgs/blob/5643fd19cf46ae516c69b625cd09f5a6a8774b6f/pkgs/tools/cd-dvd/bchunk/CVE-2017-15955.patch +--- + bchunk.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/bchunk.c b/bchunk.c +index 733cfd1..60d3000 100644 +--- a/bchunk.c ++++ b/bchunk.c +@@ -426,12 +426,12 @@ int main(int argc, char **argv) + printf("\nTrack "); + if (!(p = strchr(p, ' '))) { + fprintf(stderr, "... ouch, no space after TRACK.\n"); +- continue; ++ exit(3); + } + p++; + if (!(t = strchr(p, ' '))) { + fprintf(stderr, "... ouch, no space after track number.\n"); +- continue; ++ exit(3); + } + *t = '\0'; + +@@ -460,12 +460,12 @@ int main(int argc, char **argv) + } else if ((p = strstr(s, "INDEX"))) { + if (!(p = strchr(p, ' '))) { + printf("... ouch, no space after INDEX.\n"); +- continue; ++ exit(3); + } + p++; + if (!(t = strchr(p, ' '))) { + printf("... ouch, no space after index number.\n"); +- continue; ++ exit(3); + } + *t = '\0'; + t++; diff -Nru bchunk-1.2.0/debian/patches/series bchunk-1.2.0/debian/patches/series --- bchunk-1.2.0/debian/patches/series 2012-03-11 05:27:44.000000000 +0000 +++ bchunk-1.2.0/debian/patches/series 2017-11-08 18:41:33.000000000 +0000 @@ -1,2 +1,4 @@ 01-track-size.patch 02-clarify-formats-in-help.patch +CVE-2017-15953.patch +CVE-2017-15955.patch