Re: [debian-lts] e2fsprogs package
Hi,
Without looking at the bugfix... please use the debXuY form in the changelog
instead of +squeezeY; i.e. in this case it would be +deb6u1. Moreover, the
target distribution is not stable, but squeeze-lts - that also needs to be
fixed.
Oops, stupid mistakes.
I have fixed it, could you please check it again.
Thanks and best regards
CongNT
On 10/02/2015 03:38, Raphael Geissert wrote:
Hi,
On Monday 09 February 2015 15:44:46 Nguyen Cong wrote:
Hi all,
I would like to send debdiff file of e2fsprogs package for reviewing.
Could anyone please review it and give me some comments.
Without looking at the bugfix... please use the debXuY form in the changelog
instead of +squeezeY; i.e. in this case it would be +deb6u1. Moreover, the
target distribution is not stable, but squeeze-lts - that also needs to be
fixed.
Cheers,
--
=====================================================================
Nguyen The Cong (Mr)
Software Engineer
Toshiba Software Development (Vietnam) Co.,Ltd
519 Kim Ma street, Ba Dinh District, Hanoi, Vietnam
tel: +84-4-2220 8801 (Ext. 208)
e-mail: cong.nguyenthe@toshiba-tsdv.com
=====================================================================
Note: This e-mail message may contain personal information or confidential information. If you are not the addressee of this message, please delete this message and kindly notify the sender as soon as possible - do not copy, use, or disclose this message.
diff -Nru e2fsprogs-1.41.12/debian/changelog e2fsprogs-1.41.12/debian/changelog
--- e2fsprogs-1.41.12/debian/changelog 2011-06-19 00:21:52.000000000 +0700
+++ e2fsprogs-1.41.12/debian/changelog 2015-02-10 08:53:16.000000000 +0700
@@ -1,3 +1,13 @@
+e2fsprogs (1.41.12-4stable1+deb6u1) squeeze-lts; urgency=low
+
+ * Non-maintainer upload by the Debian LTS team.
+ * libext2fs: Fix buffer overflow if s_first_meta_bg is too big
+ as reported in CVE-2015-0247.
+ Refer to upstream commit:
+ https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4
+
+ -- Nguyen Cong <cong.nguyenthe@toshiba-tsdv.com> Tue, 10 Feb 2015 08:50:40 +0700
+
e2fsprogs (1.41.12-4stable1) stable; urgency=high
* Upload to proposed-updates
diff -Nru e2fsprogs-1.41.12/lib/ext2fs/closefs.c e2fsprogs-1.41.12/lib/ext2fs/closefs.c
--- e2fsprogs-1.41.12/lib/ext2fs/closefs.c 2011-06-19 00:14:54.000000000 +0700
+++ e2fsprogs-1.41.12/lib/ext2fs/closefs.c 2015-02-10 08:49:52.000000000 +0700
@@ -284,9 +284,11 @@
* superblocks and group descriptors.
*/
group_ptr = (char *) group_shadow;
- if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG)
+ if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) {
old_desc_blocks = fs->super->s_first_meta_bg;
- else
+ if (old_desc_blocks > fs->super->s_first_meta_bg)
+ old_desc_blocks = fs->desc_blocks;
+ } else
old_desc_blocks = fs->desc_blocks;
for (i = 0; i < fs->group_desc_count; i++) {
diff -Nru e2fsprogs-1.41.12/lib/ext2fs/openfs.c e2fsprogs-1.41.12/lib/ext2fs/openfs.c
--- e2fsprogs-1.41.12/lib/ext2fs/openfs.c 2011-06-19 00:14:54.000000000 +0700
+++ e2fsprogs-1.41.12/lib/ext2fs/openfs.c 2015-02-10 08:50:36.000000000 +0700
@@ -304,9 +304,11 @@
group_block = fs->super->s_first_data_block;
dest = (char *) fs->group_desc;
groups_per_block = EXT2_DESC_PER_BLOCK(fs->super);
- if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG)
+ if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) {
first_meta_bg = fs->super->s_first_meta_bg;
- else
+ if (first_meta_bg > fs->desc_blocks)
+ first_meta_bg = fs->desc_blocks;
+ } else
first_meta_bg = fs->desc_blocks;
if (first_meta_bg) {
retval = io_channel_read_blk(fs->io, group_block+1,
--
This mail was scanned by BitDefender
For more information please visit http://www.bitdefender.com
Reply to: