From da9ad583917343e20458e3f37df709f92151d310 Mon Sep 17 00:00:00 2001
From: Bdale Garbee <bdale@gag.com>
Date: Thu, 21 Jan 2010 07:45:06 +1300
Subject: [PATCH] fix for CVE-2010-0001

---
 debian/changelog | 8 ++++++--
 unlzw.c          | 3 ++-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 4a5982f..59c62c9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,12 @@
-gzip (1.3.12-9) UNRELEASED; urgency=low
+gzip (1.3.12-9) unstable; urgency=high
 
+  * fix applied for CVE-2010-0001 which identified an integer underflow when 
+    decompressing files that are compressed using the LZW algorithm. This 
+    could lead to the execution of arbitrary code when trying to decompress 
+    a crafted LZW compressed gzip archive.
   * switch to using dh_lintian for override delivery
 
- -- Bdale Garbee <bdale@gag.com>  Thu, 18 Jun 2009 14:15:42 -0600
+ -- Bdale Garbee <bdale@gag.com>  Thu, 21 Jan 2010 07:38:41 +1300
 
 gzip (1.3.12-8) unstable; urgency=low
 
diff --git a/unlzw.c b/unlzw.c
index a330f98..daef155 100644
--- a/unlzw.c
+++ b/unlzw.c
@@ -248,7 +248,8 @@ int unlzw(in, out)
 	int  o;
 
     resetbuf:
-	e = insize-(o = (posbits>>3));
+	o = posbits >> 3;
+	e = o <= insize ? insize - o : 0;
 
 	for (i = 0 ; i < e ; ++i) {
 	    inbuf[i] = inbuf[i+o];
-- 
2.39.5