| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 01-add-missing-shebang.patch | indent shebang bug | Helge Deller <deller@gmx.de> | no | debian | ||
| 02-restore-round-up-macro-and-adjust-initial-buffer-size.patch | Restore the ROUND_UP macro and adjust the initial buffer size. When need_chars was moved from "handletoken.h" to "handletoken.c", the ROUND_UP macro was removed, but the replacement was incorrect. This caused the program to exit with a "Virtual memory exhausted" error when it tried to reallocate 0 bytes (thus freeing the memory). It reallocated to 0 bytes because the initial buffer size was less than 1024, and the size calculation rounds down instead of up. |
Andrej Shadura <andrew@shadura.me> | no | debian upstream | ||
| 03-fix-an-out-of-buffer-read.patch | Fix an out-of-buffer read in search_brace()/lexi() | Petr Psa <ppisar@redhat.com> | yes | debian | ||
| 04-fix-a-heap-buffer-overwrite.patch | Fix a heap buffer overwrite in search_brace() (CVE-2023-40305) | Petr Psa <ppisar@redhat.com> | yes | debian | ||
| 05-fix-a-heap-buffer-underread-in-set-buf-break.patch | Fix a heap buffer underread in set_buf_break() | Petr Psa <ppisar@redhat.com> | yes | debian |