Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
0001-widechar-off-by-one.patch | [PATCH] utils: Fix off-by-one error in pe_utils_str_widechar2ascii. | Jardel Weyrich <jweyrich@gmail.com> | no | debian | https://github.com/merces/libpe/commit/5737a97c57be175333fc0c6f51bb2cdd7101c17e | 2021-01-18 |
0002-makefile-hardening.patch | Makefile patch to support dpkg-buildflags hardening | David da Silva Polverari <david.polverari@gmail.com> | yes | | | 2021-08-18 |
0003-makefile-reproducible.patch | Makefile patch to enable reproducible builds | David da Silva Polverari <david.polverari@gmail.com> | yes | | | 2021-08-18 |
0004-avoid-fixed-path.patch | eliminate PATH_MAX usage | | no | | backport, https://github.com/merces/pev/commit/4f38c0922e1d4c84b95935e69bd37d523b98b926 | 2021-10-14 |
0005-fix-ftbs-hurd-kfreebsd.patch | fix FTBFS on Debian GNU/Hurd and Debian GNU/kFreeBSD | David da Silva Polverari <david.polverari@gmail.com> | no | | | 2022-02-08 |
0006-fix-bo-pe_exports.patch | fix a buffer overflow vulnerability (CVE-2021-45423). A Buffer Overflow vulnerability exists in Pev 0.81 via the pe_exports function from exports.c. The array offsets_to_Names is dynamically allocated on the stack using exp->NumberOfFunctions as its size. However, the loop uses exp->NumberOfNames to iterate over it and set its components value. Therefore, the loop code assumes that exp->NumberOfFunctions is greater than ordinal at each iteration. This can lead to arbitrary code execution. | Saullo Carvalho Castelo Branco <saullocarvalho@gmail.com> | yes | debian upstream | upstream, https://github.com/merces/libpe/commit/5f44724e8fcdebf8a6b9fd009543c9dcfae4ea32 | 2023-04-22 |