Changelog

libcdio (2.1.0-ok2) nile; urgency=medium

  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2024-36600-1.patch: Allocates space for
      growth and additional buffer in lib/iso9660/rock.c
    - debian/patches/CVE-2024-36600-2.patch: Limits the maximum read
      count to prevent an overflow in lib/driver/_cdio_stdio.c
    - debian/patches/CVE-2024-36600-3.patch: Adds input validation to
      unicode16_decode function in lib/udf/udf_fs.c
    - debian/patches/CVE-2024-36600-4.patch: Adds bounds checking for
      directory buffer size and total size calculation in
      lib/iso9660/iso9660_fs.c
    - debian/patches/CVE-2024-36600-5.patch: Fixes overflow in iso9660
      dir read (32-bit) in lib/iso9660/iso9660_fs.c
    - debian/patches/CVE-2024-36600-6.patch: Checks the validity of
      i_extended_attr member in udf_get_lba() in lib/udf/udf_fs.c
    - debian/patches/CVE-2024-36600-7.patch: Adds 32-bit size test
      only when needed in lib/iso9660/iso9660_fs.c
    - CVE-2024-36600

 -- liubo01 <email address hidden>  Mon, 04 Nov 2024 16:48:19 +0800
