bwa (0.7.15-2+deb9u1) stretch; urgency=medium
* Team upload
* Add patch from upstream to fix CVE-2019-10269.
(Closes: #926014)
-- Dylan Aïssi <daissi@debian.org> Sat, 06 Apr 2019 09:46:05 +0200
bwa (0.7.15-2) unstable; urgency=medium
* Team upload
......
Author: Heng Li <lh3@me.com>
Description: Fix CVE-2019-10269.
Origin: upstream, https://github.com/lh3/bwa/commit/20d0a13092aa4cb73230492b05f9697d5ef0b88e
Bug: https://github.com/lh3/bwa/pull/232
Bug-Debian: https://bugs.debian.org/926014
--- a/bntseq.c
+++ b/bntseq.c
@@ -197,7 +197,13 @@
}
while (c != '\n' && c != EOF) c = fgetc(fp);
i = 0;
- } else str[i++] = c; // FIXME: potential segfault here
+ } else {
+ if (i >= 1022) {
+ fprintf(stderr, "[E::%s] sequence name longer than 1023 characters. Abort!\n", __func__);
+ exit(1);
+ }
+ str[i++] = c;
+ }
}
kh_destroy(str, h);
fclose(fp);
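Review bot: The guard `if (i >= 1022)` hard-codes a limit that depends on the size of `str`, which is declared outside this hunk, so the check silently becomes wrong if the buffer is ever resized. Assuming `str` is a fixed-size local array (presumably 1024 bytes, judging by the message), the bound could be derived from it, e.g. `if (i >= (int)sizeof(str) - 2) {`. Failing that, a comment such as `/* str is char[1024]; leave room for the terminating NUL */` would tie the number to the declaration. The message says "longer than 1023 characters", but the check already rejects the 1023rd character, so the reported limit is one higher than the enforced one. The enclosing function starts and ends outside the hunk, so whether the other writes into `str` are bounded cannot be confirmed from here.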
fix_build_on_freebsd.patch
check_number_of_arguments.patch
spelling.patch
CVE-2019-10269.patch