Bug#1038253: marked as done (cpdb-libs: CVE-2023-34095)
Your message dated Wed, 28 Jun 2023 15:20:26 +0000
with message-id <E1qEWy2-0070UN-5a@fasolo.debian.org>
and subject line Bug#1038253: fixed in cpdb-libs 1.2.0-3
has caused the Debian Bug report #1038253,
regarding cpdb-libs: CVE-2023-34095
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
1038253: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038253
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: cpdb-libs
Version: 1.2.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Hi,
The following vulnerability was published for cpdb-libs.
CVE-2023-34095[0]:
| cpdb-libs provides frontend and backend libraries for the Common
| Printing Dialog Backends (CPDB) project. In versions 1.0 through
| 2.0b4, cpdb-libs is vulnerable to buffer overflows via improper use
| of `scanf(3)`. cpdb-libs uses the `fscanf()` and `scanf()` functions
| to parse command lines and configuration files, dropping the read
| string components into fixed-length buffers, but does not limit the
| length of the strings to be read by `fscanf()` and `scanf()` causing
| buffer overflows when a string is longer than 1023 characters. A
| patch for this issue is available at commit
| f181bd1f14757c2ae0f17cc76dc20421a40f30b7. As all buffers have a
| length of 1024 characters, the patch limits the maximum string
| length to be read to 1023 by replacing all occurrences of `%s` with
| `%1023s` in all calls of the `fscanf()` and `scanf()` functions.
Note, that 1.2.x predates the comit 3f66d47252d5 ("print_frontend: Use
larger and more easily adjustable string buffers") and so the older
version is only using buffers of 100 characters of length.
Additionally basically the fix consists of searching of all 'fscanf()'
and 'scanf()' usages, and replace the '%s' occurences accordingly.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-34095
https://www.cve.org/CVERecord?id=CVE-2023-34095
[1] https://github.com/OpenPrinting/cpdb-libs/security/advisories/GHSA-25j7-9gfc-f46x
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: cpdb-libs
Source-Version: 1.2.0-3
Done: Thorsten Alteholz <debian@alteholz.de>
We believe that the bug you reported is fixed in the latest version of
cpdb-libs, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1038253@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thorsten Alteholz <debian@alteholz.de> (supplier of updated cpdb-libs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 27 Jun 2023 22:03:02 +0200
Source: cpdb-libs
Architecture: source
Version: 1.2.0-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Closes: 1038253
Changes:
cpdb-libs (1.2.0-3) unstable; urgency=medium
.
* CVE-2023-34095 (Closes: #1038253)
buffer overflow via improper use of scanf()/fscanf()
Checksums-Sha1:
dbebab3b1be2233717c3f0fcdae3ba4eb862374c 2739 cpdb-libs_1.2.0-3.dsc
664496b6709f44ecfc6d7a58a22ee691023660a3 16711 cpdb-libs_1.2.0.orig.tar.gz
93868b019b487467e7a01c08a5c3626526ec8711 7836 cpdb-libs_1.2.0-3.debian.tar.xz
b1b5aaf6114b3274e2daa8d1221f794c3a8bde36 10945 cpdb-libs_1.2.0-3_amd64.buildinfo
Checksums-Sha256:
c2cdec137271ac5810faaa6d7a5e287ed21337ff5786b9c92bed4236ed84cae6 2739 cpdb-libs_1.2.0-3.dsc
f30a172bc44aed667bc15de200907098e8eeced1a53bd68f5bfa8a5e82fe8990 16711 cpdb-libs_1.2.0.orig.tar.gz
b2b637f2f36463a8c60f897ffa51547c33483f6eb7698bdb33c03e0c472188d8 7836 cpdb-libs_1.2.0-3.debian.tar.xz
a741d8c101269cd363802ca2de53e2fc6174f4b111a9fcfa8ae320042102f871 10945 cpdb-libs_1.2.0-3_amd64.buildinfo
Files:
1a69840d414ffe622abba3e37b4b6be4 2739 net optional cpdb-libs_1.2.0-3.dsc
2df7396b3c6ce05a0c001324d82396de 16711 net optional cpdb-libs_1.2.0.orig.tar.gz
8dd57e5700b7cdb4398ecd1a6f0b8b6f 7836 net optional cpdb-libs_1.2.0-3.debian.tar.xz
c51ab6e49cc075cb45c0927f2e873fe2 10945 net optional cpdb-libs_1.2.0-3_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmScSQRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYRwo6D/4/rU9zAT7/5PUD+uetsscWK/r0EKOr
oQz9QQg/nU9A9S+ZMefKc5F3E8ESy0SjlfIzhncqFRiJv0nvWqun4MLaxnhJtHL9
8mjZGIm13ne8uU4VnKmADT18wSqfuoikdl9kKU/NyZsUReEEjf2lusVuktpFrfPa
D/38acE0d5by2qEdQUldHupRcs/rf+a3+0bYCWDGlS8kH3TGzyB/LBIchpZ5pEjh
Qt6Ma6C15s1JFig0mjSfUojflXFeo/JtISoZwYOhwGTyKngUOBvW4UdThWUDWjyA
ciUV9pXc4yyQk4D8MTnc2xQYAtoIvSf5EsBgSJa1vHDhP59WGN+YGpVpN9Gsczp4
MsXsffLtNJ3/FzIlja85mCg+4B2to32dJgmyHrGZFLrimZxMfEkDHmAkf02NYQeu
juDKJ8ebAZJogpv8wyHZ2QDggo1CzE/xC6nZ22UEN2rmX3Z7QY7ehK9fhfUnwbr5
o76hAQf+kEvBKx52NJI3hyQedYTn10qt8s6DqpmNpeH3+ZxDIXphT1utKdRIDGLD
0y+Nm2d3efIjcQzIOuWH7CqC34Avk13O7VvaYTBi2kaL3gyCv8H9aSmqFlPhwYK4
hXBuc3DVzRTnalHStomPQlZ5DleR5gw/xI+Nht+mSu/JvQSWfL42nyAi7lJkX1NB
+zWNaRA8hDaykw==
=vVdP
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: