Version in base suite: 0.81-3 Base version: pev_0.81-3 Target version: pev_0.81-3+deb11u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/p/pev/pev_0.81-3.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/p/pev/pev_0.81-3+deb11u1.dsc changelog | 9 +++++++++ patches/0002-fix-bo-pe_exports.patch | 28 ++++++++++++++++++++++++++++ patches/series | 1 + 3 files changed, 38 insertions(+) diff -Nru pev-0.81/debian/changelog pev-0.81/debian/changelog --- pev-0.81/debian/changelog 2021-05-05 12:09:18.000000000 +0000 +++ pev-0.81/debian/changelog 2023-04-22 20:48:00.000000000 +0000 @@ -1,3 +1,12 @@ +pev (0.81-3+deb11u1) bullseye; urgency=medium + + * debian/patches/0002-fix-bo-pe_exports.patch: created to fix a buffer + overflow vulnerability present on libpe's pe_exports function from exports.c + (CVE-2021-45423). Without this patch, a maliciously-crafted PE file opened + by pev utilities can trigger arbitrary code execution. (Closes: #1034725) + + -- David da Silva Polverari Sat, 22 Apr 2023 20:48:00 +0000 + pev (0.81-3) unstable; urgency=medium * QA upload. diff -Nru pev-0.81/debian/patches/0002-fix-bo-pe_exports.patch pev-0.81/debian/patches/0002-fix-bo-pe_exports.patch --- pev-0.81/debian/patches/0002-fix-bo-pe_exports.patch 1970-01-01 00:00:00.000000000 +0000 +++ pev-0.81/debian/patches/0002-fix-bo-pe_exports.patch 2023-04-22 20:48:00.000000000 +0000 
@@ -0,0 +1,28 @@ +Description: fix a buffer overflow vulnerability (CVE-2021-45423) + A Buffer Overflow vulnerability exists in Pev 0.81 via the pe_exports function + from exports.c. The array offsets_to_Names is dynamically allocated on the + stack using exp->NumberOfFunctions as its size. However, the loop uses + exp->NumberOfNames to iterate over it and set its components value. Therefore, + the loop code assumes that exp->NumberOfFunctions is greater than ordinal at + each iteration. This can lead to arbitrary code execution. +Author: Saullo Carvalho Castelo Branco +Origin: upstream, https://github.com/merces/libpe/commit/5f44724e8fcdebf8a6b9fd009543c9dcfae4ea32 +Bug: https://github.com/merces/libpe/issues/35 +Bug-Debian: https://bugs.debian.org/1034725 +Applied-Upstream: https://github.com/merces/libpe/commit/5f44724e8fcdebf8a6b9fd009543c9dcfae4ea32 +Last-Update: 2023-04-22 + +--- a/lib/libpe/exports.c ++++ b/lib/libpe/exports.c +@@ -130,7 +130,10 @@ + + const uint32_t entry_name_rva = *entry_name_list; + const uint64_t entry_name_ofs = pe_rva2ofs(ctx, entry_name_rva); +- offsets_to_Names[ordinal] = entry_name_ofs; ++ ++ if (ordinal < exp->NumberOfFunctions) { ++ offsets_to_Names[ordinal] = entry_name_ofs; ++ } + } + + // diff -Nru pev-0.81/debian/patches/series pev-0.81/debian/patches/series --- pev-0.81/debian/patches/series 2021-05-05 09:23:27.000000000 +0000 +++ pev-0.81/debian/patches/series 2023-04-22 20:48:00.000000000 +0000 @@ -1 +1,2 @@ 0001-widechar-off-by-one.patch +0002-fix-bo-pe_exports.patch
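Review bot: in the lib/libpe/exports.c hunk of 0002-fix-bo-pe_exports.patch, the new `if (ordinal < exp->NumberOfFunctions)` guard silently drops any name entry whose ordinal is out of range instead of signalling that the export directory is inconsistent; since the patch description itself says the file is malicious or malformed whenever this branch is skipped, consider emitting a diagnostic (or having pe_exports return an error status) at that point so callers can tell a truncated result from a clean parse. The guard covers only the write `offsets_to_Names[ordinal] = entry_name_ofs;` shown in the hunk; if offsets_to_Names is indexed elsewhere with a value derived from exp->NumberOfNames rather than exp->NumberOfFunctions, that access needs the same bound. Finally, the DEP-3 header lists the same commit URL under both Origin and Applied-Upstream; one of the two is enough, and Origin alone is the conventional choice when the patch is a verbatim upstream backport.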