diff options
author | J0WI <J0WI@users.noreply.github.com> | 2023-10-09 21:47:09 +0200 |
---|---|---|
committer | J0WI <J0WI@users.noreply.github.com> | 2023-10-09 21:58:20 +0200 |
commit | 31d3b15e6062f6bbfd8756574b638922cd8f4824 (patch) | |
tree | 31ee0bcd691e5e084cd039e7caee842cb47e42b5 | |
parent | 3b687e8354576b46936a3d780bb45a3fc9275bec (diff) |
community/libcue: patch CVE-2023-43641
-rw-r--r-- | community/libcue/APKBUILD | 14 | ||||
-rw-r--r-- | community/libcue/CVE-2023-43641.patch | 15 |
2 files changed, 26 insertions, 3 deletions
diff --git a/community/libcue/APKBUILD b/community/libcue/APKBUILD index 514e659adf3..20217f22ae6 100644 --- a/community/libcue/APKBUILD +++ b/community/libcue/APKBUILD @@ -2,14 +2,19 @@ # Maintainer: pkgname=libcue pkgver=2.2.1 -pkgrel=1 +pkgrel=2 pkgdesc="Library for parsing CUE sheet files" url="https://github.com/lipnitsk/libcue" license="GPL-2.0-or-later" arch="all" makedepends="cmake bison flex" subpackages="$pkgname-dev" -source="$pkgname-$pkgver.tar.gz::https://github.com/lipnitsk/libcue/archive/v$pkgver.tar.gz" +source="$pkgname-$pkgver.tar.gz::https://github.com/lipnitsk/libcue/archive/v$pkgver.tar.gz + CVE-2023-43641.patch" + +# secfixes: +# 2.2.1-r0: +# - CVE-2023-43641 build() { cmake -B build . \ @@ -29,4 +34,7 @@ package() { make -C build DESTDIR="$pkgdir" install } -sha512sums="32e476cb09ed2cb2d64aaba1342fb91e77e448391b493a3a794a8d2a6723a0e6097a90b11c6ad82998cb7f270f4f18c2578d7b8575f6929c2a35502e09ebc964 libcue-2.2.1.tar.gz" +sha512sums=" +32e476cb09ed2cb2d64aaba1342fb91e77e448391b493a3a794a8d2a6723a0e6097a90b11c6ad82998cb7f270f4f18c2578d7b8575f6929c2a35502e09ebc964 libcue-2.2.1.tar.gz +1dc3d55df1142c7c39f493586c5aa3678c980aa5a8f49c50b6985301ff99ecfe9e2d368b74a6b492d51093d9b7fecfc1f08a03f10986aa0fe94824859b0db203 CVE-2023-43641.patch +" diff --git a/community/libcue/CVE-2023-43641.patch b/community/libcue/CVE-2023-43641.patch new file mode 100644 index 00000000000..59f1198160f --- /dev/null +++ b/community/libcue/CVE-2023-43641.patch @@ -0,0 +1,15 @@ +https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/ + +diff --git a/cd.c b/cd.c +index cf77a18..4bbea19 100644 +--- a/cd.c ++++ b/cd.c +@@ -339,7 +339,7 @@ track_get_rem(const Track* track) + + void track_set_index(Track *track, int i, long ind) + { +- if (i > MAXINDEX) { ++ if (i < 0 || i > MAXINDEX) { + fprintf(stderr, "too many indexes\n"); + return; + } |