Version in base suite: 3.2.7a-5+deb10u1 Base version: fig2dev_3.2.7a-5+deb10u1 Target version: fig2dev_3.2.7a-5+deb10u2 Base file: /srv/ftp-master.debian.org/ftp/pool/main/f/fig2dev/fig2dev_3.2.7a-5+deb10u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/f/fig2dev/fig2dev_3.2.7a-5+deb10u2.dsc changelog | 7 +++++++ patches/41_CVE-2019-19555.patch | 28 ++++++++++++++++++++++++++++ patches/series | 1 + 3 files changed, 36 insertions(+) diff -Nru fig2dev-3.2.7a/debian/changelog fig2dev-3.2.7a/debian/changelog --- fig2dev-3.2.7a/debian/changelog 2019-07-27 07:51:53.000000000 +0000 +++ fig2dev-3.2.7a/debian/changelog 2019-12-04 21:12:49.000000000 +0000 @@ -1,3 +1,10 @@ +fig2dev (1:3.2.7a-5+deb10u2) buster; urgency=medium + + * 41_CVE-2019-19555: Allow Fig v2 text strings ending with multiple ^A. + This fixes CVE-2019-19555 (Closes: #946176). + + -- Roland Rosenfeld Wed, 04 Dec 2019 22:12:49 +0100 + fig2dev (1:3.2.7a-5+deb10u1) buster; urgency=medium * 40_circle_arrowhead: Do not segfault on circle/half circle arrowheads diff -Nru fig2dev-3.2.7a/debian/patches/41_CVE-2019-19555.patch fig2dev-3.2.7a/debian/patches/41_CVE-2019-19555.patch --- fig2dev-3.2.7a/debian/patches/41_CVE-2019-19555.patch 1970-01-01 00:00:00.000000000 +0000 +++ fig2dev-3.2.7a/debian/patches/41_CVE-2019-19555.patch 2019-12-04 21:12:49.000000000 +0000 
@@ -0,0 +1,28 @@ +From: Thomas Loimer +Date: Wed Dec 4 17:56:04 2019 +0100 +Bug: https://sourceforge.net/p/mcj/tickets/55 +Bug-Debian: https://bugs.debian.org/946176 +Origin: https://sourceforge.net/p/mcj/fig2dev/ci/19db5fe6f77ebad91af4b4ef0defd61bd0bb358f/ +Subject: Allow Fig v2 text strings ending with multiple ^A. + This fixes CVE-2019-19555 + +--- a/fig2dev/read.c ++++ b/fig2dev/read.c +@@ -3,7 +3,7 @@ + * Copyright (c) 1991 by Micah Beck + * Parts Copyright (c) 1985-1988 by Supoj Sutanthavibul + * Parts Copyright (c) 1989-2015 by Brian V. Smith +- * Parts Copyright (c) 2015-2018 by Thomas Loimer ++ * Parts Copyright (c) 2015-2019 by Thomas Loimer + * + * Any party obtaining a copy of these files is granted, free of charge, a + * full and unrestricted irrevocable, world-wide, paid up, royalty-free, +@@ -1318,7 +1318,7 @@ read_textobject(FILE *fp) + If we do not find the CONTROL-A on this line then this must + be a multi-line text object and we will have to read more. */ + +- n = sscanf(buf,"%*d%d%d%lf%d%d%d%lf%d%lf%lf%d%d%[^\1]%[\1]", ++ n = sscanf(buf,"%*d%d%d%lf%d%d%d%lf%d%lf%lf%d%d%[^\1]%1[\1]", + &t->type, &t->font, &t->size, &t->pen, + &t->color, &t->depth, &t->angle, + &t->flags, &t->height, &t->length, diff -Nru fig2dev-3.2.7a/debian/patches/series fig2dev-3.2.7a/debian/patches/series --- fig2dev-3.2.7a/debian/patches/series 2019-07-27 07:51:53.000000000 +0000 +++ fig2dev-3.2.7a/debian/patches/series 2019-12-04 21:12:49.000000000 +0000 @@ -12,3 +12,4 @@ 37_pgf-etex.patch 38_omit_showpage.patch 40_circle_arrowhead.patch +41_CVE-2019-19555.patch
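Review bot: In the read_textobject hunk of fig2dev/read.c, the new width in `%1[\1]` bounds only the trailing ^A conversion; the preceding `%[^\1]` in the same format string still has no field width. The hunk ends before the destination arguments for these two conversions, so please confirm that the buffer receiving `%[^\1]` can hold everything that `buf` can hold, or give that conversion an explicit width as well. With the width of 1, any further ^A characters are left unconsumed in `buf`. A short comment next to the format string saying that this is intended, and that the width has to match the size of the destination, would keep the bound from being dropped in a later cleanup.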
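Review bot: The debian/changelog entry, and the Subject line of 41_CVE-2019-19555.patch, describe the change as "Allow Fig v2 text strings ending with multiple ^A", which reads like a new feature rather than a security fix. Consider naming what was wrong on such input (the `%[\1]` conversion without a field width in read_textobject), so that someone reviewing the stable update can judge the impact from the changelog without opening the patch.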