Tue Oct 10 19:27:56 UTC 202320231010192756

ap/sqlite-3.43.2-x86_64-1.txz:  Upgraded.
l/libcue-2.2.1-x86_64-4.txz:  Rebuilt.
  Fixed a bug which could allow memory corruption resulting in arbitrary
  code execution.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-43641
  (* Security fix *)
l/libnotify-0.8.3-x86_64-1.txz:  Upgraded.
  This release contains a critical stability/minor security update which
  affects Electron applications that utilize Portal notifications (eg,
  through Flatpak). It is highly recommended that all users of libnotify
  0.8.x update to this release.
  (* Security fix *)
n/iptables-1.8.10-x86_64-1.txz:  Upgraded.

1 files changed, 24 insertions, 0 deletions

diff --git a/source/l/libcue/fdf72c8bded8d24cfa0608b8e97f2eed210a920e.patch b/source/l/libcue/fdf72c8bded8d24cfa0608b8e97f2eed210a920e.patch
new file mode 100644
index 000000000..b38727fdc
--- /dev/null
+++ b/source/l/libcue/fdf72c8bded8d24cfa0608b8e97f2eed210a920e.patch
@@ -0,0 +1,24 @@
+From fdf72c8bded8d24cfa0608b8e97f2eed210a920e Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Wed, 27 Sep 2023 20:22:43 +0100
+Subject: [PATCH] Check that the array index isn't negative. This fixes
+ CVE-2023-43641.
+
+Signed-off-by: Kevin Backhouse <kevinbackhouse@github.com>
+---
+ cd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/cd.c b/cd.c
+index cf77a18..4bbea19 100644
+--- a/cd.c
++++ b/cd.c
+@@ -339,7 +339,7 @@ track_get_rem(const Track* track)
+ 
+ void track_set_index(Track *track, int i, long ind)
+ {
+-	if (i > MAXINDEX) {
++	if (i < 0 || i > MAXINDEX) {
+ 		fprintf(stderr, "too many indexes\n");
+                 return;
+         }