Bug#782349: unblock: libtasn1-6/4.2-3

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#782349: unblock: libtasn1-6/4.2-3
From: Andreas Metzler <ametzler@bebt.de>
Date: Fri, 10 Apr 2015 19:30:05 +0200
Message-id: <[🔎] 20150410173005.GA1183@downhill.g.la>
Reply-to: Andreas Metzler <ametzler@bebt.de>, 782349@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package libtasn1-6:
 * Pull 20_CVE-2015-2806.diff from upstream 4.4 release to correct a
   two-byte stack overflow in asn1_der_decoding. CVE-2015-2806.

I have tried to make a minimal upload but have accidentally pulled
another one-line-change from experimental:
-Standards-Version: 3.9.6
+Standards-Version: 3.9.5

Please tell if that a blocker for the unblock.

cu Andreas


Hope you do not mind too badly.
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

[The following lists of changes regard files as different if they have
different names, permissions or owners.]

Files only in first set of .debs, found in package libtasn1-6-dbg
-----------------------------------------------------------------
-rw-r--r--  root/root   /usr/lib/debug/.build-id/06/4a3407490e9ec4b4c0246698ab85d0f8111e57.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/35/08b98f822cd502a960ffae3675d10abc6087d2.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/42/b6f5a4d276910c06a73d9881f2265dd8230f99.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/ff/9340e6a5429f65e0975c78253cc14beb70d18e.debug

New files in second set of .debs, found in package libtasn1-6-dbg
-----------------------------------------------------------------
-rw-r--r--  root/root   /usr/lib/debug/.build-id/48/8079d17ff66d0d5f020bad8064461738a517f3.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/79/26cc1d28119e02941c706c0081d41583becec1.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/8f/137df2d7900897b4e1a8de1da1008d91d0adb7.debug
-rw-r--r--  root/root   /usr/lib/debug/.build-id/e7/38fc95f429961b5ad0df3a39ba7e9b0741df90.debug


Control files of package libtasn1-3-bin: lines which differ (wdiff format)
--------------------------------------------------------------------------
Depends: libtasn1-bin (>= [-4.2-2)-] {+4.2-3)+}
Version: [-4.2-2-] {+4.2-3+}

Control files of package libtasn1-6: lines which differ (wdiff format)
----------------------------------------------------------------------
Version: [-4.2-2-] {+4.2-3+}

Control files of package libtasn1-6-dbg: lines which differ (wdiff format)
--------------------------------------------------------------------------
Depends: libtasn1-6 (= [-4.2-2)-] {+4.2-3)+}
Version: [-4.2-2-] {+4.2-3+}

Control files of package libtasn1-6-dev: lines which differ (wdiff format)
--------------------------------------------------------------------------
Depends: libtasn1-6 (= [-4.2-2)-] {+4.2-3)+}
Recommends: libtasn1-doc (= [-4.2-2)-] {+4.2-3)+}
Version: [-4.2-2-] {+4.2-3+}

Control files of package libtasn1-bin: lines which differ (wdiff format)
------------------------------------------------------------------------
Version: [-4.2-2-] {+4.2-3+}

Control files of package libtasn1-doc: lines which differ (wdiff format)
------------------------------------------------------------------------
Version: [-4.2-2-] {+4.2-3+}
diff -Nru libtasn1-6-4.2/debian/changelog libtasn1-6-4.2/debian/changelog
--- libtasn1-6-4.2/debian/changelog	2014-10-07 19:23:13.000000000 +0200
+++ libtasn1-6-4.2/debian/changelog	2015-04-04 08:04:36.000000000 +0200
@@ -1,3 +1,10 @@
+libtasn1-6 (4.2-3) unstable; urgency=medium
+
+  * Pull 20_CVE-2015-2806.diff from upstream 4.4 release to correct a
+    two-byte stack overflow in asn1_der_decoding. CVE-2015-2806.
+
+ -- Andreas Metzler <ametzler@debian.org>  Sat, 04 Apr 2015 08:04:32 +0200
+
 libtasn1-6 (4.2-2) unstable; urgency=medium
 
   * libtasn1-doc also needs to have a versioned Breaks/Replaces against
diff -Nru libtasn1-6-4.2/debian/control libtasn1-6-4.2/debian/control
--- libtasn1-6-4.2/debian/control	2014-10-07 19:24:10.000000000 +0200
+++ libtasn1-6-4.2/debian/control	2015-04-04 08:01:37.000000000 +0200
@@ -4,7 +4,7 @@
 Uploaders: Andreas Metzler <ametzler@debian.org>, Eric Dorland <eric@debian.org>, James Westby <jw+debian@jameswestby.net>, Simon Josefsson <simon@josefsson.org>
 Build-Depends: debhelper (>= 9), bison,  autotools-dev
 Build-Depends-Indep: gtk-doc-tools, texinfo, texlive-latex-base
-Standards-Version: 3.9.6
+Standards-Version: 3.9.5
 Priority: standard
 Vcs-Git: git://anonscm.debian.org/pkg-gnutls/libtasn1.git
 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-gnutls/libtasn1.git
diff -Nru libtasn1-6-4.2/debian/patches/20_CVE-2015-2806.diff libtasn1-6-4.2/debian/patches/20_CVE-2015-2806.diff
--- libtasn1-6-4.2/debian/patches/20_CVE-2015-2806.diff	1970-01-01 01:00:00.000000000 +0100
+++ libtasn1-6-4.2/debian/patches/20_CVE-2015-2806.diff	2015-04-04 08:02:55.000000000 +0200
@@ -0,0 +1,56 @@
+From 4d4f992826a4962790ecd0cce6fbba4a415ce149 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Thu, 26 Mar 2015 18:34:57 +0100
+Subject: [PATCH] increased size of LTOSTR_MAX_SIZE to account for sign and
+ null byte
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This address an overflow found by Hanno Böck in DER decoding.
+---
+ lib/parser_aux.c | 4 ++--
+ lib/parser_aux.h | 5 +++--
+ 2 files changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/lib/parser_aux.c b/lib/parser_aux.c
+index d3e9009..da9a388 100644
+--- a/lib/parser_aux.c
++++ b/lib/parser_aux.c
+@@ -543,7 +543,7 @@ _asn1_delete_list_and_nodes (void)
+ 
+ 
+ char *
+-_asn1_ltostr (long v, char *str)
++_asn1_ltostr (long v, char str[LTOSTR_MAX_SIZE])
+ {
+   long d, r;
+   char temp[LTOSTR_MAX_SIZE];
+@@ -567,7 +567,7 @@ _asn1_ltostr (long v, char *str)
+       count++;
+       v = d;
+     }
+-  while (v);
++  while (v && ((start+count) < LTOSTR_MAX_SIZE-1));
+ 
+   for (k = 0; k < count; k++)
+     str[k + start] = temp[start + count - k - 1];
+diff --git a/lib/parser_aux.h b/lib/parser_aux.h
+index 55d9061..437f1c8 100644
+--- a/lib/parser_aux.h
++++ b/lib/parser_aux.h
+@@ -52,8 +52,9 @@ void _asn1_delete_list (void);
+ 
+ void _asn1_delete_list_and_nodes (void);
+ 
+-#define LTOSTR_MAX_SIZE 20
+-char *_asn1_ltostr (long v, char *str);
++/* Max 64-bit integer length is 20 chars + 1 for sign + 1 for null termination */
++#define LTOSTR_MAX_SIZE 22
++char *_asn1_ltostr (long v, char str[LTOSTR_MAX_SIZE]);
+ 
+ asn1_node _asn1_find_up (asn1_node node);
+ 
+-- 
+2.1.4
+
diff -Nru libtasn1-6-4.2/debian/patches/series libtasn1-6-4.2/debian/patches/series
--- libtasn1-6-4.2/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ libtasn1-6-4.2/debian/patches/series	2015-04-04 08:03:09.000000000 +0200
@@ -0,0 +1 @@
+20_CVE-2015-2806.diff

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Bug#782349: marked as done (unblock: libtasn1-6/4.2-3)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Re: Hints for d-i jessie RC3, part 2
Next by Date: Bug#782352: unblock: mkvmlinuz/37
Previous by thread: Processed: Re: Bug#780321: unblock: openldap/2.4.40+dfsg-1 (pre-approval)
Next by thread: Bug#782349: marked as done (unblock: libtasn1-6/4.2-3)
Index(es):
- Date
- Thread