Version in base suite: 2.3.0-7 Base version: pngcheck_2.3.0-7 Target version: pngcheck_2.3.0-7+deb10u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/p/pngcheck/pngcheck_2.3.0-7.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/p/pngcheck/pngcheck_2.3.0-7+deb10u1.dsc changelog | 7 +++++++ patches/60-fix-buffer-overflow.patch | 26 ++++++++++++++++++++++++++ patches/series | 1 + 3 files changed, 34 insertions(+) gpgv: Signature made Tue Jul 16 08:26:35 2013 UTC gpgv: using DSA key 2C045542C9B55DAC gpgv: Can't check signature: No public key dpkg-source: warning: failed to verify signature on /srv/release.debian.org/tmp/tmplgpa1gme/pngcheck_2.3.0-7.dsc diff -Nru pngcheck-2.3.0/debian/changelog pngcheck-2.3.0/debian/changelog --- pngcheck-2.3.0/debian/changelog 2013-06-26 09:28:27.000000000 +0000 +++ pngcheck-2.3.0/debian/changelog 2020-12-08 18:54:24.000000000 +0000 @@ -1,3 +1,10 @@ +pngcheck (2.3.0-7+deb10u1) buster; urgency=high + + * debian/patches/60-fix-buffer-overflow.patch: added to fix CVE-2020-27818. + Thanks to Salvatore Bonaccorso . (Closes: #976350) + + -- David da Silva Polverari Tue, 08 Dec 2020 18:54:24 +0000 + pngcheck (2.3.0-7) unstable; urgency=low * debian/control diff -Nru pngcheck-2.3.0/debian/patches/60-fix-buffer-overflow.patch pngcheck-2.3.0/debian/patches/60-fix-buffer-overflow.patch --- pngcheck-2.3.0/debian/patches/60-fix-buffer-overflow.patch 1970-01-01 00:00:00.000000000 +0000 +++ pngcheck-2.3.0/debian/patches/60-fix-buffer-overflow.patch 2020-12-04 21:32:08.000000000 +0000 
@@ -0,0 +1,26 @@ +Description: Fix buffer overflow reported in RHBZ #1897485. + When char is signed, casting to a (signed) int directly could produce a + negative offset into the ASCII lookup table; adding an intermediate cast to + uch (a typedef for unsigned char) ensures a nonnegative offset no greater than + 255, which always corresponds to a valid table index. +Origin: vendor, https://src.fedoraproject.org/rpms/pngcheck/blob/cc48791e34201caf7b686084b735d06cef66c974/f/pngcheck-2.4.0-overflow-bz1897485.patch +Bug-Debian: https://bugs.debian.org/976350 +Forwarded: no +Reviewed-By: David da Silva Polverari +Last-Update: 2020-12-04 + +--- a/pngcheck.c ++++ b/pngcheck.c +@@ -4895,8 +4895,10 @@ + /* GRR 20061203: now EBCDIC-safe */ + int check_chunk_name(char *chunk_name, char *fname) + { +- if (isASCIIalpha((int)chunk_name[0]) && isASCIIalpha((int)chunk_name[1]) && +- isASCIIalpha((int)chunk_name[2]) && isASCIIalpha((int)chunk_name[3])) ++ if (isASCIIalpha((int)(uch)chunk_name[0]) && ++ isASCIIalpha((int)(uch)chunk_name[1]) && ++ isASCIIalpha((int)(uch)chunk_name[2]) && ++ isASCIIalpha((int)(uch)chunk_name[3])) + return 0; + + printf("%s%s invalid chunk name \"%.*s\" (%02x %02x %02x %02x)\n", diff -Nru pngcheck-2.3.0/debian/patches/series pngcheck-2.3.0/debian/patches/series --- pngcheck-2.3.0/debian/patches/series 2013-06-26 09:28:27.000000000 +0000 +++ pngcheck-2.3.0/debian/patches/series 2020-12-04 21:32:08.000000000 +0000 @@ -1,2 +1,3 @@ 10-pngsplit-format-strings.patch 20-pngsplit-long-options.patch +60-fix-buffer-overflow.patch
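Review bot: In the pngcheck.c hunk, the (uch) cast is added at each of the four isASCIIalpha() call sites inside check_chunk_name() rather than in isASCIIalpha itself, so any other caller that passes a plain char would still hit the negative-offset case the Description explains. The definition of isASCIIalpha is not part of this diff; consider moving the cast into it, or state in the patch header that the remaining call sites were audited. The header also carries "Forwarded: no" while Origin points at a Fedora patch named for 2.4.0, so a line recording the upstream status would help whoever rebases this next.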
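Review bot: The debian/changelog entry gives only the CVE id and the patch file name and does not say what was fixed. Reusing the short form from the patch Description, for example that check_chunk_name() could index the ASCII lookup table with a negative offset when char is signed, would let a reader of the changelog understand the urgency=high without opening the patch.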