Version in base suite: 2.7.1+dfsg-5 Base version: gsl_2.7.1+dfsg-5 Target version: gsl_2.7.1+dfsg-5+deb12u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/g/gsl/gsl_2.7.1+dfsg-5.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/g/gsl/gsl_2.7.1+dfsg-5+deb12u1.dsc changelog | 8 +++ patches/0001-fix-for-bug-59624.patch | 72 +++++++++++++++++++++++++++++++++++ patches/series | 1 3 files changed, 81 insertions(+)
diff -Nru gsl-2.7.1+dfsg/debian/changelog gsl-2.7.1+dfsg/debian/changelog
--- gsl-2.7.1+dfsg/debian/changelog 2023-06-02 20:21:26.000000000 +0000
+++ gsl-2.7.1+dfsg/debian/changelog 2024-12-07 16:20:21.000000000 +0000
@@ -1,3 +1,11 @@
+gsl (2.7.1+dfsg-5+deb12u1) bookworm; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2020-35357: buffer overflow when calculating the quantile value
+ (Closes: #1052655)
+
+ -- Adrian Bunk Sat, 07 Dec 2024 18:20:21 +0200
+
 gsl (2.7.1+dfsg-5) unstable; urgency=medium

 * debian/control: Actually add the 'Breaks' that was supposed to be in
diff -Nru gsl-2.7.1+dfsg/debian/patches/0001-fix-for-bug-59624.patch gsl-2.7.1+dfsg/debian/patches/0001-fix-for-bug-59624.patch
--- gsl-2.7.1+dfsg/debian/patches/0001-fix-for-bug-59624.patch 1970-01-01 00:00:00.000000000 +0000
+++ gsl-2.7.1+dfsg/debian/patches/0001-fix-for-bug-59624.patch 2024-12-07 16:20:10.000000000 +0000
@@ -0,0 +1,72 @@
+From fa31ba5ff30986094aa144bf9eda97bcaa264440 Mon Sep 17 00:00:00 2001
+From: Patrick Alken
+Date: Sat, 16 Apr 2022 11:56:10 -0600
+Subject: fix for bug #59624
+
+---
+ statistics/quantiles.c | 1 +
+ statistics/quantiles_source.c | 35 +++++++++++++++++++++--------------
+ 2 files changed, 22 insertions(+), 14 deletions(-)
+
+diff --git a/statistics/quantiles.c b/statistics/quantiles.c
+index 96a3a25c..50898d9b 100644
+--- a/statistics/quantiles.c
++++ b/statistics/quantiles.c
+@@ -1,5 +1,6 @@
+ #include
+ #include
++#include
+
+ #define BASE_LONG_DOUBLE
+ #include "templates_on.h"
+diff --git a/statistics/quantiles_source.c b/statistics/quantiles_source.c
+index e2956d9d..b2feba4c 100644
+--- a/statistics/quantiles_source.c
++++ b/statistics/quantiles_source.c
+@@ -24,22 +24,29 @@ FUNCTION(gsl_stats,quantile_from_sorted_data) (const BASE sorted_data[],
+ const size_t n,
+ const double f)
+ {
+- const double index = f * (n - 1) ;
+- const size_t lhs = (int)index ;
+- const double delta = index - lhs ;
+- double result;
+-
+- if (n == 0)
+- return 0.0 ;
+-
+- if (lhs == n - 1)
++ if ((f < 0.0) || (f > 1.0))
+ {
+- result = sorted_data[lhs * stride] ;
++ GSL_ERROR_VAL ("invalid quantile fraction", GSL_EDOM, 0.0);
+ }
+- else
++ else
+ {
+- result = (1 - delta) * sorted_data[lhs * stride] + delta * sorted_data[(lhs + 1) * stride] ;
+- }
++ const double index = f * (n - 1) ;
++ const size_t lhs = (int)index ;
++ const double delta = index - lhs ;
++ double result;
+
+- return result ;
++ if (n == 0)
++ return 0.0 ;
++
++ if (lhs == n - 1)
++ {
++ result = sorted_data[lhs * stride] ;
++ }
++ else
++ {
++ result = (1 - delta) * sorted_data[lhs * stride] + delta * sorted_data[(lhs + 1) * stride] ;
++ }
++
++ return result ;
++ }
+ }
+--
+2.30.2
+
diff -Nru gsl-2.7.1+dfsg/debian/patches/series gsl-2.7.1+dfsg/debian/patches/series
--- gsl-2.7.1+dfsg/debian/patches/series 2021-12-02 01:10:24.000000000 +0000
+++ gsl-2.7.1+dfsg/debian/patches/series 2024-12-07 16:20:21.000000000 +0000
@@ -5,3 +5,4 @@
 manual-page-correction
 ## renamed-delete
 ## correct-libtool-age-setting
+0001-fix-for-bug-59624.patch
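Review bot: The new range test `(f < 0.0) || (f > 1.0)` in quantile_from_sorted_data (statistics/quantiles_source.c, carried in 0001-fix-for-bug-59624.patch) is false when f is NaN, so a NaN fraction still falls through to `(int)index` and the `sorted_data[lhs * stride]` reads; converting NaN to int is undefined, and if it yields a large lhs the read lands outside the array. Writing the guard as `if (!(f >= 0.0 && f <= 1.0))` rejects NaN with the same GSL_EDOM error. In the else branch `index` is still computed from `n - 1` before the `n == 0` test, which wraps for an empty array and makes the cast out of range whenever f is non-zero; moving `if (n == 0) return 0.0 ;` above the `index` declaration avoids that, and `(size_t)index` in place of `(int)index` would keep lhs correct for arrays longer than INT_MAX. The function's parameter list begins above the inner hunk, so the declaration of stride is not visible here.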