On 16.03.2015 11:20, Raphael Hertzog wrote: > Hello Gerrit, > > the Debian LTS team would like to fix the security issues which are > currently open in the Squeeze version of checkpw: > https://security-tracker.debian.org/tracker/CVE-2015-0885 Hi, I have prepared and tested a fix for squeeze. Salvatore Bonaccorso's fix for Wheezy can also be applied to the version in Squeeze. I have tested the fix by following the steps outlined in [1] and can confirm that it solves the issue. Please find attached a debdiff for review to this e-mail. Regards, Markus [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780139#16
diff -u checkpw-1.02/debian/changelog checkpw-1.02/debian/changelog --- checkpw-1.02/debian/changelog +++ checkpw-1.02/debian/changelog @@ -1,3 +1,10 @@ +checkpw (1.02-1+deb6u1) squeeze; urgency=medium + + * Non-maintainer upload. + * CVE-2015-0885: Fix denial of service via -- in usernames (Closes: #780139) + + -- Markus Koschany <apo@gambaru.de> Mon, 30 Mar 2015 14:02:06 +0200 + checkpw (1.02-1) unstable; urgency=low * new upstream point release. only in patch2: unchanged: --- checkpw-1.02.orig/debian/diff/CVE-2015-0885.diff +++ checkpw-1.02/debian/diff/CVE-2015-0885.diff @@ -0,0 +1,24 @@ +--- checkpw-1.02.orig/checkapoppw.c ++++ checkpw-1.02/checkapoppw.c +@@ -85,7 +85,7 @@ + pw = getpwnam(login); + if (pw) break; + if (errno == error_txtbsy) die(111); +- for (; ext != login && *ext != '-'; --ext); ++ do {--ext;} while (ext != login && *ext != '-'); + if (ext == login) die(1); + if (i) login[i] = '-'; + i = ext - login; +only in patch2: +unchanged: +--- checkpw-1.02.orig/checkpw.c ++++ checkpw-1.02/checkpw.c +@@ -71,7 +71,7 @@ + pw = getpwnam(login); + if (pw) break; + if (errno == error_txtbsy) die(111); +- for (; ext != login && *ext != '-'; --ext); ++ do {--ext;} while (ext != login && *ext != '-'); + if (ext == login) die(1); + if (i) login[i] = '-'; + i = ext - login;
Attachment:
signature.asc
Description: OpenPGP digital signature