Version in base suite: 2.2.0-4 Base version: libcdio_2.2.0-4 Target version: libcdio_2.2.0-4.1~deb13u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/libc/libcdio/libcdio_2.2.0-4.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/libc/libcdio/libcdio_2.2.0-4.1~deb13u1.dsc changelog | 13 +++++++ patches/Fix-buffer-overrun-for-Joliet-filenames.patch | 33 ++++++++++++++++++ patches/series | 1 3 files changed, 47 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmprirurrym/libcdio_2.2.0-4.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmprirurrym/libcdio_2.2.0-4.1~deb13u1.dsc: no acceptable signature found diff -Nru libcdio-2.2.0/debian/changelog libcdio-2.2.0/debian/changelog --- libcdio-2.2.0/debian/changelog 2025-04-03 03:13:22.000000000 +0000 +++ libcdio-2.2.0/debian/changelog 2026-04-17 20:26:52.000000000 +0000 @@ -1,3 +1,16 @@ +libcdio (2.2.0-4.1~deb13u1) trixie; urgency=medium + + * Rebuild for trixie + + -- Salvatore Bonaccorso Fri, 17 Apr 2026 22:26:52 +0200 + +libcdio (2.2.0-4.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fix buffer overrun for Joliet filenames (CVE-2024-36600) (Closes: #1129256) + + -- Salvatore Bonaccorso Fri, 17 Apr 2026 21:01:39 +0200 + libcdio (2.2.0-4) unstable; urgency=medium * Remove "Multi-Arch: same" from -dev packages (Closes: #897327) diff -Nru libcdio-2.2.0/debian/patches/Fix-buffer-overrun-for-Joliet-filenames.patch libcdio-2.2.0/debian/patches/Fix-buffer-overrun-for-Joliet-filenames.patch --- libcdio-2.2.0/debian/patches/Fix-buffer-overrun-for-Joliet-filenames.patch 1970-01-01 00:00:00.000000000 +0000 +++ libcdio-2.2.0/debian/patches/Fix-buffer-overrun-for-Joliet-filenames.patch 2026-04-17 18:51:17.000000000 +0000 @@ -0,0 +1,33 @@ +From: Yuxin Wang +Date: Sun, 13 Jul 2025 13:53:17 +0800 +Subject: Fix buffer overrun for Joliet filenames +Origin: https://github.com/libcdio/libcdio/commit/417478a7474af41c27ab3f876f31783fa06a5dbc +Bug-Debian: https://bugs.debian.org/1129256 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2024-36600 + +Joliet uses UCS-2 (2 bytes per character), and converting to UTF-8 +may require up to 3 bytes per character. This patch increases the +buffer size by i_fname/2 to prevent buffer overrun. +--- + lib/iso9660/iso9660_fs.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/lib/iso9660/iso9660_fs.c b/lib/iso9660/iso9660_fs.c +index aa5adb6db74a..586b7435ac26 100644 +--- a/lib/iso9660/iso9660_fs.c ++++ b/lib/iso9660/iso9660_fs.c +@@ -859,6 +859,11 @@ _iso9660_dir_to_statbuf (iso9660_dir_t *p_iso9660_dir, + + /* .. string in statbuf is one longer than in p_iso9660_dir's listing '\1' */ + stat_len = sizeof(iso9660_stat_t) + i_fname + 2; ++#ifdef HAVE_JOLIET ++ if (u_joliet_level) { ++ stat_len += i_fname / 2; ++ } ++#endif + + /* Reuse multiextent p_stat if not NULL */ + if (!p_stat) { +-- +2.53.0 + diff -Nru libcdio-2.2.0/debian/patches/series libcdio-2.2.0/debian/patches/series --- libcdio-2.2.0/debian/patches/series 2025-04-03 03:13:22.000000000 +0000 +++ libcdio-2.2.0/debian/patches/series 2026-04-17 19:00:31.000000000 +0000 @@ -1,2 +1,3 @@ use-ncursesw.patch arm-t64-redirect-fix.patch +Fix-buffer-overrun-for-Joliet-filenames.patch