Fix CVE-2023-40305 (a heap buffer overwrite in search_brace)

1 year ago · 77befa590a
parent 9fc2146de4
commit 77befa590a
2 changed files with 4253 additions and 0 deletions
--- a/indent-2.2.13-Fix-a-heap-buffer-overwrite-in-search_brace-CVE-2023.patch
+++ b/indent-2.2.13-Fix-a-heap-buffer-overwrite-in-search_brace-CVE-2023.patch
--- a/indent.spec
+++ b/indent.spec
@ -113,6 +113,9 @@ Patch0:     indent-2.2.13-Check-for-setlocale-function.patch
 # Fix a heap overread in search_brace/lexi, proposed to the upstream,
 # <https://savannah.gnu.org/bugs/index.php?64503>
 Patch1:     indent-2.2.13-Fix-an-out-of-buffer-read-in-search_brace-lexi-on-an.patch
+# Fix CVE-2023-40305 (a heap buffer overwrite in search_brace), bug #2231919,
+# proposed to the upstream, <https://savannah.gnu.org/bugs/index.php?64503>
+Patch2:     indent-2.2.13-Fix-a-heap-buffer-overwrite-in-search_brace-CVE-2023.patch
 BuildRequires:  autoconf2.7x >= 2.71
 # autoconf-archive for unbundled ax_cc_for_build.m4
 BuildRequires:  autoconf-archive
@ -178,6 +181,7 @@ make check %{?_smp_mflags}
 %changelog
 * Wed Aug 16 2023 Petr Pisar <ppisar@redhat.com> - 2.2.13-4
 - Fix a heap overread in search_brace/lexi
+- Fix CVE-2023-40305 (a heap buffer overwrite in search_brace) (bug #2231919)

 * Mon Apr 17 2023 Petr Pisar <ppisar@redhat.com> - 2.2.13-3
 - Correct a license to "GPL-3.0-or-later AND BSD-3-Clause AND BSD-4.3TAHOE AND