Package: mujs / 1.1.0-1+deb11u3

Metadata

Package: mujs
Version: 1.1.0-1+deb11u3
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
Install versioned shared library.patch

Makefile | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 install versioned shared library


Set the right .pc version.patch

Makefile | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 set the right .pc version

Clear jump list after patching jump addresses.patch

jscompile.c | 20 12 + 8 - 0 !
1 file changed, 12 insertions(+), 8 deletions(-)

 bug 704749: clear jump list after patching jump addresses.

Since we can emit a statement multiple times when compiling try/finally
we have to use a new patch list for each instance.

Check stack overflow during regexp compilation.patch

regexp.c | 21 11 + 10 - 0 !
1 file changed, 11 insertions(+), 10 deletions(-)

 issue #162: check stack overflow during regexp compilation.

Only bother checking during the first compilation pass that counts
the size of the program.

Cope with empty programs in mujs pp.patch

jsdump.c | 24 14 + 10 - 0 !
1 file changed, 14 insertions(+), 10 deletions(-)

 issue #161: cope with empty programs in mujs-pp.


Dont fclose a FILE that is NULL.patch

pp.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 issue #161: don't fclose a file that is null.


Fix use after free in getOwnPropertyDescriptor.patch

jsobject.c | 14 7 + 7 - 0 !
1 file changed, 7 insertions(+), 7 deletions(-)

 bug 706057: fix use-after-free in getOwnPropertyDescriptor.

getOwnPropertyDescriptor should create the descriptor object by
using [[DefineOwnProperty]], and not by looking through the prototype
chain where it may invoke getters and setters on the Object.prototype.

If there exists an Object.prototype.get property with a setter, that method is
invoked when it shouldn't. A malicious getter here can delete the property
currently being processed in getOwnPropertyDescriptor, and we'll end up
with a use-after-free bug.

Avoid this problem by following the spec and use js_defproperty rather than
js_setproperty to define own properties in getOwnPropertyDescriptor and
related functions.

CVE 2021 33797.patch

jsdtoa.c | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

 issue #148: check for overflow when reading floating point exponent.

GCC with -O2 optimizes away the if(exp<-maxExponent) branch completely,
so we don't end up with the expected '512' value for overflowing
exponents. Limit the exponent parsing to MAX_INT instead to prevent
signed overflow from tripping up over-eager optimizing compilers.