Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package libtasn1-6:

  * Pull 20_CVE-2015-2806.diff from upstream 4.4 release to correct a
    two-byte stack overflow in asn1_der_decoding. CVE-2015-2806.

I have tried to make a minimal upload but have accidentally pulled another one-line change from experimental:

-Standards-Version: 3.9.6
+Standards-Version: 3.9.5

Please tell me if that is a blocker for the unblock.

cu Andreas

Hope you do not mind too badly.

-- 
`What a good friend you are to him, Dr. Maturin.
His other friends are so grateful to you.'
`I sew his ears on from time to time, sure'
[The following lists of changes regard files as different if they have different names, permissions or owners.] Files only in first set of .debs, found in package libtasn1-6-dbg ----------------------------------------------------------------- -rw-r--r-- root/root /usr/lib/debug/.build-id/06/4a3407490e9ec4b4c0246698ab85d0f8111e57.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/35/08b98f822cd502a960ffae3675d10abc6087d2.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/42/b6f5a4d276910c06a73d9881f2265dd8230f99.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/ff/9340e6a5429f65e0975c78253cc14beb70d18e.debug New files in second set of .debs, found in package libtasn1-6-dbg ----------------------------------------------------------------- -rw-r--r-- root/root /usr/lib/debug/.build-id/48/8079d17ff66d0d5f020bad8064461738a517f3.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/79/26cc1d28119e02941c706c0081d41583becec1.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/8f/137df2d7900897b4e1a8de1da1008d91d0adb7.debug -rw-r--r-- root/root /usr/lib/debug/.build-id/e7/38fc95f429961b5ad0df3a39ba7e9b0741df90.debug Control files of package libtasn1-3-bin: lines which differ (wdiff format) -------------------------------------------------------------------------- Depends: libtasn1-bin (>= [-4.2-2)-] {+4.2-3)+} Version: [-4.2-2-] {+4.2-3+} Control files of package libtasn1-6: lines which differ (wdiff format) ---------------------------------------------------------------------- Version: [-4.2-2-] {+4.2-3+} Control files of package libtasn1-6-dbg: lines which differ (wdiff format) -------------------------------------------------------------------------- Depends: libtasn1-6 (= [-4.2-2)-] {+4.2-3)+} Version: [-4.2-2-] {+4.2-3+} Control files of package libtasn1-6-dev: lines which differ (wdiff format) -------------------------------------------------------------------------- Depends: libtasn1-6 (= [-4.2-2)-] {+4.2-3)+} Recommends: libtasn1-doc (= [-4.2-2)-] {+4.2-3)+} 
Version: [-4.2-2-] {+4.2-3+} Control files of package libtasn1-bin: lines which differ (wdiff format) ------------------------------------------------------------------------ Version: [-4.2-2-] {+4.2-3+} Control files of package libtasn1-doc: lines which differ (wdiff format) ------------------------------------------------------------------------ Version: [-4.2-2-] {+4.2-3+} diff -Nru libtasn1-6-4.2/debian/changelog libtasn1-6-4.2/debian/changelog --- libtasn1-6-4.2/debian/changelog 2014-10-07 19:23:13.000000000 +0200 +++ libtasn1-6-4.2/debian/changelog 2015-04-04 08:04:36.000000000 +0200 @@ -1,3 +1,10 @@ +libtasn1-6 (4.2-3) unstable; urgency=medium + + * Pull 20_CVE-2015-2806.diff from upstream 4.4 release to correct a + two-byte stack overflow in asn1_der_decoding. CVE-2015-2806. + + -- Andreas Metzler <ametzler@debian.org> Sat, 04 Apr 2015 08:04:32 +0200 + libtasn1-6 (4.2-2) unstable; urgency=medium * libtasn1-doc also needs to have a versioned Breaks/Replaces against diff -Nru libtasn1-6-4.2/debian/control libtasn1-6-4.2/debian/control --- libtasn1-6-4.2/debian/control 2014-10-07 19:24:10.000000000 +0200 +++ libtasn1-6-4.2/debian/control 2015-04-04 08:01:37.000000000 +0200 @@ -4,7 +4,7 @@ Uploaders: Andreas Metzler <ametzler@debian.org>, Eric Dorland <eric@debian.org>, James Westby <jw+debian@jameswestby.net>, Simon Josefsson <simon@josefsson.org> Build-Depends: debhelper (>= 9), bison, autotools-dev Build-Depends-Indep: gtk-doc-tools, texinfo, texlive-latex-base -Standards-Version: 3.9.6 +Standards-Version: 3.9.5 Priority: standard Vcs-Git: git://anonscm.debian.org/pkg-gnutls/libtasn1.git Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-gnutls/libtasn1.git diff -Nru libtasn1-6-4.2/debian/patches/20_CVE-2015-2806.diff libtasn1-6-4.2/debian/patches/20_CVE-2015-2806.diff --- libtasn1-6-4.2/debian/patches/20_CVE-2015-2806.diff 1970-01-01 01:00:00.000000000 +0100 +++ libtasn1-6-4.2/debian/patches/20_CVE-2015-2806.diff 2015-04-04 08:02:55.000000000 +0200 
@@ -0,0 +1,56 @@ +From 4d4f992826a4962790ecd0cce6fbba4a415ce149 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos <nmav@gnutls.org> +Date: Thu, 26 Mar 2015 18:34:57 +0100 +Subject: [PATCH] increased size of LTOSTR_MAX_SIZE to account for sign and + null byte +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This address an overflow found by Hanno Böck in DER decoding. +--- + lib/parser_aux.c | 4 ++-- + lib/parser_aux.h | 5 +++-- + 2 files changed, 5 insertions(+), 4 deletions(-) + +diff --git a/lib/parser_aux.c b/lib/parser_aux.c +index d3e9009..da9a388 100644 +--- a/lib/parser_aux.c ++++ b/lib/parser_aux.c +@@ -543,7 +543,7 @@ _asn1_delete_list_and_nodes (void) + + + char * +-_asn1_ltostr (long v, char *str) ++_asn1_ltostr (long v, char str[LTOSTR_MAX_SIZE]) + { + long d, r; + char temp[LTOSTR_MAX_SIZE]; +@@ -567,7 +567,7 @@ _asn1_ltostr (long v, char *str) + count++; + v = d; + } +- while (v); ++ while (v && ((start+count) < LTOSTR_MAX_SIZE-1)); + + for (k = 0; k < count; k++) + str[k + start] = temp[start + count - k - 1]; +diff --git a/lib/parser_aux.h b/lib/parser_aux.h +index 55d9061..437f1c8 100644 +--- a/lib/parser_aux.h ++++ b/lib/parser_aux.h +@@ -52,8 +52,9 @@ void _asn1_delete_list (void); + + void _asn1_delete_list_and_nodes (void); + +-#define LTOSTR_MAX_SIZE 20 +-char *_asn1_ltostr (long v, char *str); ++/* Max 64-bit integer length is 20 chars + 1 for sign + 1 for null termination */ ++#define LTOSTR_MAX_SIZE 22 ++char *_asn1_ltostr (long v, char str[LTOSTR_MAX_SIZE]); + + asn1_node _asn1_find_up (asn1_node node); + +-- +2.1.4 + diff -Nru libtasn1-6-4.2/debian/patches/series libtasn1-6-4.2/debian/patches/series --- libtasn1-6-4.2/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ libtasn1-6-4.2/debian/patches/series 2015-04-04 08:03:09.000000000 +0200 @@ -0,0 +1 @@ +20_CVE-2015-2806.diff
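Review bot: In the debian/control hunk, Standards-Version goes backwards from 3.9.6 to 3.9.5, which is unrelated to the CVE-2015-2806 fix and is not recorded in the 4.2-3 changelog entry. Either restore `Standards-Version: 3.9.6` so the upload carries only the security patch, or add a changelog line that documents the change.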
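Review bot: In the first lib/parser_aux.c hunk, the new parameter declaration `char str[LTOSTR_MAX_SIZE]` documents the expected buffer size but does not enforce it, because an array parameter is adjusted to `char *` in C and the compiler accepts a shorter buffer. The callers of `_asn1_ltostr` are not part of this patch, so each one should be checked to pass a buffer declared with LTOSTR_MAX_SIZE rather than a hard-coded length.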
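Review bot: In the second lib/parser_aux.c hunk, the added bound `(start+count) < LTOSTR_MAX_SIZE-1` ends the loop with `v` still non-zero when the buffer fills, so the function would return a string missing its most significant digits (the digits are produced least significant first) and the caller gets no signal. With LTOSTR_MAX_SIZE raised to 22 this should be unreachable for a 64-bit long; a short comment saying so, or an explicit failure path, would make the intent clear.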
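Review bot: In the lib/parser_aux.h hunk, the new comment and `#define LTOSTR_MAX_SIZE 22` assume that long is at most 64 bits, and nothing ties the constant to the type. A compile-time check on `sizeof (long)` next to the define would catch a platform where the assumption fails. The comment's 20 characters is the width of an unsigned 64-bit value; a signed long needs at most 19 digits plus the sign, so 22 leaves some slack, which the comment could state.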