rpms / libcue

Clone
Source Code
GIT

#3 Backport fix for CVE-2023-43641
Closed 7 months ago by carlwgeorge. Opened 7 months ago by carlwgeorge.
rpms/ carlwgeorge/libcue epel9-CVE-2023-43641  into  epel9

file added
+28 
@@ -0,0 +1,28 @@ 
 

+ From d5597d7b6ebc1bbe07158d704b3b62acb11a5783 Mon Sep 17 00:00:00 2001
 

+ From: Kevin Backhouse <kevinbackhouse@github.com>
 

+ Date: Wed, 27 Sep 2023 20:22:43 +0100
 

+ Subject: [PATCH] Check that the array index isn't negative. This fixes
 

+  CVE-2023-43641.
 

+ 

+ Signed-off-by: Kevin Backhouse <kevinbackhouse@github.com>
 

+ (cherry picked from commit fdf72c8bded8d24cfa0608b8e97f2eed210a920e)
 

+ ---
 

+  cd.c | 2 +-
 

+  1 file changed, 1 insertion(+), 1 deletion(-)
 

+ 

+ diff --git a/cd.c b/cd.c
 

+ index cf77a18..4bbea19 100644
 

+ --- a/cd.c
 

+ +++ b/cd.c
 

+ @@ -339,7 +339,7 @@ track_get_rem(const Track* track)
 

+  

+  void track_set_index(Track *track, int i, long ind)
 

+  {
 

+ -	if (i > MAXINDEX) {
 

+ +	if (i < 0 || i > MAXINDEX) {
 

+  		fprintf(stderr, "too many indexes\n");
 

+                  return;
 

+          }
 

+ -- 

+ 2.41.0
 

+

file modified
+6 -1 
@@ -3,7 +3,7 @@ 
 

  

  Name:		libcue
 

  Version:	2.2.1
 

- Release:	8%{?dist}
 

+ Release:	9%{?dist}
 

  Summary:	Cue sheet parser library
 

  

  # Files libcue/rem.{c,h} contains a BSD header
 
@@ -11,6 +11,8 @@ 
 

  URL:		https://github.com/%{upstream}/%{name}
 

  VCS:		scm:git:https://github.com/%{upstream}/%{name}.git
 

  Source0:	https://github.com/%{upstream}/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
 

+ # https://github.com/lipnitsk/libcue/commit/fdf72c8bded8d24cfa0608b8e97f2eed210a920e
 

+ Patch0:		0001-Check-that-the-array-index-isn-t-negative.-This-fixes-CVE-2023-43641.patch
 

  BuildRequires:	bison
 

  BuildRequires:	cmake
 

  %if 0%{?rhel} && 0%{?rhel} < 8
 
@@ -79,6 +81,9 @@ 
 

  

  

  %changelog
 

+ * Wed Oct 11 2023 Carl George <carlwgeorge@fedoraproject.org> - 2.2.1-9
 

+ - Backport fix for CVE-2023-43641
 

+ 

  * Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.1-8
 

  - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

no initial comment

Looks like this was resolved differently by merging rawhide into epel9 and updating the package to 2.3.0.

https://src.fedoraproject.org/rpms/libcue/c/a595af8324a91d2cadd2ba7634b8d46126a05911?branch=epel9

Pull-Request has been closed by carlwgeorge
7 months ago
Metadata
None
No Tags
Changes Summary 2
+28
file added
0001-Check-that-the-array-index-isn-t-negative.-This-fixes-CVE-2023-43641.patch
+6 -1
file changed
libcue.spec
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.