Version in base suite: 1.4.5-1 Base version: timg_1.4.5-1 Target version: timg_1.4.5-1+deb12u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/t/timg/timg_1.4.5-1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/t/timg/timg_1.4.5-1+deb12u1.dsc changelog | 6 ++++++ patches/CVE-2023-40968.patch | 23 +++++++++++++++++++++++ patches/series | 1 + 3 files changed, 30 insertions(+) diff -Nru timg-1.4.5/debian/changelog timg-1.4.5/debian/changelog --- timg-1.4.5/debian/changelog 2022-11-30 19:09:18.000000000 +0000 +++ timg-1.4.5/debian/changelog 2023-09-09 17:07:01.000000000 +0000 @@ -1,3 +1,9 @@ +timg (1.4.5-1+deb12u1) bookworm; urgency=medium + + * Cherry-pick upstream fix for CVE-2023-40968 (Closes: #1051231) + + -- Tobias Frost Sat, 09 Sep 2023 19:07:01 +0200 + timg (1.4.5-1) unstable; urgency=medium [ Tobias Frost ] diff -Nru timg-1.4.5/debian/patches/CVE-2023-40968.patch timg-1.4.5/debian/patches/CVE-2023-40968.patch --- timg-1.4.5/debian/patches/CVE-2023-40968.patch 1970-01-01 00:00:00.000000000 +0000 +++ timg-1.4.5/debian/patches/CVE-2023-40968.patch 2023-09-09 17:07:01.000000000 +0000 
@@ -0,0 +1,23 @@ +Description: CVE-2023-40968 buffer overflow vulnerability +Origin: https://github.com/hzeller/timg/commit/2e9414e668144bbe0afc074dac17b74ef4acfdcf +Bug: https://github.com/hzeller/timg/issues/115 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051231 +--- a/src/unicode-block-canvas.cc ++++ b/src/unicode-block-canvas.cc +@@ -417,13 +417,14 @@ + + SCREEN_END_OF_LINE_LEN); // Finishing a line. + + // Depending on even/odd situation, we might need one extra row. +- const size_t new_backing = width * (height + 1) * sizeof(rgba_t); ++ // For quarter, we have one extra possible pixel wider. ++ const size_t new_backing = (width + 1) * (height + 1) * sizeof(rgba_t); + if (new_backing > backing_buffer_size_) { + backing_buffer_ = (rgba_t *)realloc(backing_buffer_, new_backing); + backing_buffer_size_ = new_backing; + } + +- const size_t new_empty = width * sizeof(rgba_t); ++ const size_t new_empty = (width + 1) * sizeof(rgba_t); + if (new_empty > empty_line_size_) { + empty_line_ = (rgba_t *)realloc(empty_line_, new_empty); + empty_line_size_ = new_empty; diff -Nru timg-1.4.5/debian/patches/series timg-1.4.5/debian/patches/series --- timg-1.4.5/debian/patches/series 2022-11-30 18:52:10.000000000 +0000 +++ timg-1.4.5/debian/patches/series 2023-09-09 17:07:01.000000000 +0000 @@ -1 +1,2 @@ use-system-qui.patch +CVE-2023-40968.patch
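Review bot: In the debian/changelog hunk, the new entry identifies the fix only by its CVE and bug numbers. A few words on what is being fixed (the patch header describes it as a buffer overflow, and the change is in src/unicode-block-canvas.cc) would let someone reading the changelog for the stable update judge the change without opening the patch.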
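Review bot: In the src/unicode-block-canvas.cc hunk carried by debian/patches/CVE-2023-40968.patch, both realloc() calls still assign their result straight to backing_buffer_ and empty_line_, and backing_buffer_size_ / empty_line_size_ are updated without a NULL check. If the allocation fails, the old block is leaked and the recorded size describes memory that is not there. Suggest reallocating into a temporary pointer, checking it, and only then updating the member pointer and its size. Two smaller points: the added comment about the quarter-block case sits only above new_backing, while new_empty gets the same (width + 1) without explanation. Also, the types of width and height are not visible in this hunk; if they are int, (width + 1) * (height + 1) is multiplied in int before sizeof(rgba_t) widens it, so converting the first operand to size_t would keep the size computation out of signed arithmetic.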