On 16.03.2015 11:20, Raphael Hertzog wrote:
> Hello Gerrit,
>
> the Debian LTS team would like to fix the security issues which are
> currently open in the Squeeze version of checkpw:
> https://security-tracker.debian.org/tracker/CVE-2015-0885

Hi,

I have prepared and tested a fix for squeeze. Salvatore Bonaccorso's fix for Wheezy can also be applied to the version in Squeeze. I have tested the fix by following the steps outlined in [1] and can confirm that it solves the issue. Please find attached a debdiff for review to this e-mail.

Regards,

Markus

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780139#16
diff -u checkpw-1.02/debian/changelog checkpw-1.02/debian/changelog
--- checkpw-1.02/debian/changelog
+++ checkpw-1.02/debian/changelog
@@ -1,3 +1,10 @@
+checkpw (1.02-1+deb6u1) squeeze; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2015-0885: Fix denial of service via -- in usernames (Closes: #780139)
+
+ -- Markus Koschany <apo@gambaru.de>  Mon, 30 Mar 2015 14:02:06 +0200
+
 checkpw (1.02-1) unstable; urgency=low
 
   * new upstream point release.
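Review bot: the new changelog entry does not record where the fix comes from, although the covering mail says it is Salvatore Bonaccorso's wheezy fix applied to squeeze; a short note such as "Backport of the wheezy fix by Salvatore Bonaccorso" next to the CVE line would save the next maintainer a trip to the bug log. For a security upload, urgency=high is the customary value rather than the urgency=medium used here.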
only in patch2:
unchanged:
--- checkpw-1.02.orig/debian/diff/CVE-2015-0885.diff
+++ checkpw-1.02/debian/diff/CVE-2015-0885.diff
@@ -0,0 +1,24 @@
+--- checkpw-1.02.orig/checkapoppw.c
++++ checkpw-1.02/checkapoppw.c
+@@ -85,7 +85,7 @@
+     pw = getpwnam(login);
+     if (pw) break;
+     if (errno == error_txtbsy) die(111);
+-    for (; ext != login && *ext != '-'; --ext);
++    do {--ext;} while (ext != login && *ext != '-');
+     if (ext == login) die(1);
+     if (i) login[i] = '-';
+     i = ext - login;
+only in patch2:
+unchanged:
+--- checkpw-1.02.orig/checkpw.c
++++ checkpw-1.02/checkpw.c
+@@ -71,7 +71,7 @@
+     pw = getpwnam(login);
+     if (pw) break;
+     if (errno == error_txtbsy) die(111);
+-    for (; ext != login && *ext != '-'; --ext);
++    do {--ext;} while (ext != login && *ext != '-');
+     if (ext == login) die(1);
+     if (i) login[i] = '-';
+     i = ext - login;
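Review bot: the replacement `do {--ext;} while (ext != login && *ext != '-');` in both checkapoppw.c and checkpw.c decrements before it tests `ext != login`, so if the statement is ever reached with `ext == login` the pointer is stepped to one before the start of `login` and `*ext` is read out of bounds; the old `for` stopped without moving in that case and the following `if (ext == login) die(1);` caught it, whereas after the do-while that check only fires when the scan lands on `login` exactly. The hunk does not show how `ext` is initialised, so please confirm the loop is only entered with `ext > login` (a non-empty `login`), or add `if (ext == login) die(1);` immediately before the do-while. The behavioural difference that addresses the hang is that the old `for` made no progress when `*ext` was already `'-'` on entry, leaving `ext` and therefore `i = ext - login` unchanged on every pass, while the do-while moves back at least one character per iteration. Since debian/diff/CVE-2015-0885.diff is a new file, a DEP-3 header at its top (Description, Origin, Bug-Debian: https://bugs.debian.org/780139) would record the provenance of the patch.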