--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: jessie-pu: package minicom/2.7-1+deb8u1
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Mon, 24 Apr 2017 09:31:46 +0200
- Message-id: <149301910698.28313.9477978822690462709.reportbug@lorien.valinor.li>
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
Hi
A DSA for minicom is not needed, and given the next point release is
approaching, I would like to propose to fix CVE-2017-7467, which is
#860940 in the BTS, via a point release.
Attached the debdiff.
Regards,
Salvatore
diff -Nru minicom-2.7/debian/changelog minicom-2.7/debian/changelog
--- minicom-2.7/debian/changelog 2014-01-01 10:28:01.000000000 +0100
+++ minicom-2.7/debian/changelog 2017-04-24 09:03:48.000000000 +0200
@@ -1,3 +1,11 @@
+minicom (2.7-1+deb8u1) jessie; urgency=high
+
+ * Non-maintainer upload.
+ * Add ARRAY_SIZE macro
+ * CVE-2017-7467: Out of bounds write in vt100.c (Closes: #860940)
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Mon, 24 Apr 2017 09:03:48 +0200
+
minicom (2.7-1) unstable; urgency=low
* New upstream release, closes: #707564 (configurable status line).
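Review bot: The "Add ARRAY_SIZE macro" entry in the new 2.7-1+deb8u1 stanza reads as an unrelated change, which is unusual for a stable point release. Since the macro is only pulled in because the CVE-2017-7467 patch uses it, say so in the entry, for example "Add ARRAY_SIZE macro (needed by the CVE-2017-7467 fix)", so the release team can see that the upload contains only the security fix and its prerequisite.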
diff -Nru minicom-2.7/debian/patches/Add-ARRAY_SIZE-macro.diff minicom-2.7/debian/patches/Add-ARRAY_SIZE-macro.diff
--- minicom-2.7/debian/patches/Add-ARRAY_SIZE-macro.diff 1970-01-01 01:00:00.000000000 +0100
+++ minicom-2.7/debian/patches/Add-ARRAY_SIZE-macro.diff 2017-04-24 09:03:48.000000000 +0200
@@ -0,0 +1,19 @@
+# HG changeset patch
+# User Adam Lackorzynski <adam@os.inf.tu-dresden.de>
+# Date 1440364600 -7200
+# Node ID 4eff7b4cde33a56d9caf64e44722186c89e26922
+# Parent 3cb4335d5819099c85a30dae714f0a213fa4a44c
+Add ARRAY_SIZE macro
+
+diff -r 3cb4335d5819 -r 4eff7b4cde33 src/minicom.h
+--- a/src/minicom.h Mon Jun 29 21:16:14 2015 +0200
++++ b/src/minicom.h Sun Aug 23 23:16:40 2015 +0200
+@@ -303,6 +303,7 @@
+ int lockfile_create(int no_msgs);
+ void lockfile_remove(void);
+
++#define ARRAY_SIZE(a) (sizeof(a) / sizeof(a[0]))
+
+
+ /* We want the ANSI offsetof macro to do some dirty stuff. */
+
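Review bot: The macro added to src/minicom.h does not parenthesise its argument inside the second sizeof: `sizeof(a[0])` should be `sizeof((a)[0])` to stay correct for any argument expression. It also gives a wrong count without any warning when handed a pointer instead of an array, so a short comment saying it is valid only for true arrays would help. If the aim is to stay byte-identical with the upstream changeset this can be left as is, but the patch header would then benefit from an Origin line saying so, next to the HG metadata.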
diff -Nru minicom-2.7/debian/patches/CVE-2017-7467.diff minicom-2.7/debian/patches/CVE-2017-7467.diff
--- minicom-2.7/debian/patches/CVE-2017-7467.diff 1970-01-01 01:00:00.000000000 +0100
+++ minicom-2.7/debian/patches/CVE-2017-7467.diff 2017-04-24 09:03:48.000000000 +0200
@@ -0,0 +1,33 @@
+# HG changeset patch
+# User Adam Lackorzynski <adam@os.inf.tu-dresden.de>
+# Date 1492510834 -7200
+# Node ID c33d24938f3ed3dc2b7d328fe255794468a814eb
+# Parent c72edf0e43bca463239ea15594d128ecbc0d2574
+Fix CVE-2017-7467, a remote exploitalbe out of bound access
+
+This fixes an out of bounds data access that can lead to a
+remotely exploitable code execution.
+
+This issue was found by Solar Designer of Openwall during a
+security audit of the Virtuozzo 7 product, which contains
+derived downstream code in its prl-vzvncserver component.
+The corresponding Virtuozzo 7 fix is:
+
+https://src.openvz.org/projects/OVZ/repos/prl-vzvncserver/commits/6d95404e75b98f36b1cc85ee23df99dcf06ca13f
+
+Openwall would like to thank the Virtuozzo company for
+funding the effort.
+
+diff -r c72edf0e43bc -r c33d24938f3e src/vt100.c
+--- a/src/vt100.c Sat Sep 17 02:17:37 2016 +0200
++++ b/src/vt100.c Tue Apr 18 12:20:34 2017 +0200
+@@ -428,7 +428,7 @@
+ }
+ /* Separation between numbers ? */
+ if (c == ';') {
+- if (ptr < 15)
++ if (ptr < (int)ARRAY_SIZE(escparms) - 1)
+ ptr++;
+ return;
+ }
+
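Review bot: The new bound in the `c == ';'` branch is only correct if `escparms` is a real array in scope at this point in src/vt100.c. Its declaration is outside the hunk, and ARRAY_SIZE applied to a pointer would silently compute the wrong limit, so please confirm the declaration. The hunk guards only this one increment, so also check that no other path advances `ptr` or indexes `escparms` with it unchecked. The `(int)` cast keeps the comparison signed, which is right provided `ptr` is an int. Separately, the patch description has the typo "exploitalbe" and carries no Bug-Debian reference to #860940, which would make the patch easier to trace from the package.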
diff -Nru minicom-2.7/debian/patches/series minicom-2.7/debian/patches/series
--- minicom-2.7/debian/patches/series 2014-01-01 10:21:15.000000000 +0100
+++ minicom-2.7/debian/patches/series 2017-04-24 09:03:48.000000000 +0200
@@ -2,3 +2,5 @@
01manual.diff
03norzsz.diff
470582_history_buffer_msg.diff
+Add-ARRAY_SIZE-macro.diff
+CVE-2017-7467.diff
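Review bot: The two entries appended to debian/patches/series have an ordering dependency that nothing records: CVE-2017-7467.diff uses ARRAY_SIZE and will not build unless Add-ARRAY_SIZE-macro.diff is applied first. The order here is correct, but a note in the header of the CVE patch stating that it requires the macro patch would prevent a later reorder or a cherry-pick of the fix alone from breaking the build.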
--- End Message ---