unofficial mirror of guix-patches@gnu.org 
blob 640c1979813a83bf45c353b78a908d76964982ef 465 bytes (raw)
name: gnu/packages/patches/libcue-CVE-2023-43641.patch 	 # note: path name is non-authoritative(*)

Fix CVE-2023-43641:
https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/

Patch from the disclosure post.

diff --git a/cd.c b/cd.c
index cf77a18..4bbea19 100644
--- a/cd.c
+++ b/cd.c
@@ -339,7 +339,7 @@ track_get_rem(const Track* track)
 
 void track_set_index(Track *track, int i, long ind)
 {
-	if (i > MAXINDEX) {
+	if (i < 0 || i > MAXINDEX) {
 		fprintf(stderr, "too many indexes\n");
                 return;
         }
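
Review bot: the new `i < 0` case in track_set_index() falls through to the existing "too many indexes" message, which misreports a negative index as a count overflow and makes the rejected input harder to spot in logs. Consider a separate branch for the negative case with its own message (for example "invalid index") that includes the offending value. Because the function returns void, the caller cannot tell that the index was rejected, so the stderr line is the only signal and should be accurate. It is also worth confirming against the declaration of the index array, which is not visible in this hunk, that `i > MAXINDEX` rather than `i >= MAXINDEX` is the correct upper bound.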

debug log:

solving 640c197981 ...
found 640c197981 in https://yhetil.org/guix-patches/20231009201647.9891-1-hello@lnikki.la/

applying [1/1] https://yhetil.org/guix-patches/20231009201647.9891-1-hello@lnikki.la/
diff --git a/gnu/packages/patches/libcue-CVE-2023-43641.patch b/gnu/packages/patches/libcue-CVE-2023-43641.patch
new file mode 100644
index 0000000000..640c197981

1:17: trailing whitespace.
 
1:22: space before tab in indent.
 		fprintf(stderr, "too many indexes\n");
Checking patch gnu/packages/patches/libcue-CVE-2023-43641.patch...
Applied patch gnu/packages/patches/libcue-CVE-2023-43641.patch cleanly.
warning: 2 lines add whitespace errors.

index at:
100644 640c1979813a83bf45c353b78a908d76964982ef	gnu/packages/patches/libcue-CVE-2023-43641.patch

(*) Git path names are given by the tree(s) the blob belongs to.
    Blobs themselves have no identifier aside from the hash of their contents.

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git
