
Bug#1038253: marked as done (cpdb-libs: CVE-2023-34095)



Your message dated Fri, 30 Jun 2023 23:32:07 +0000
with message-id <E1qFNax-00061M-Np@fasolo.debian.org>
and subject line Bug#1038253: fixed in cpdb-libs 1.2.0-2+deb12u1
has caused the Debian Bug report #1038253,
regarding cpdb-libs: CVE-2023-34095
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1038253: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038253
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: cpdb-libs
Version: 1.2.0-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for cpdb-libs.

CVE-2023-34095[0]:
| cpdb-libs provides frontend and backend libraries for the Common
| Printing Dialog Backends (CPDB) project. In versions 1.0 through
| 2.0b4, cpdb-libs is vulnerable to buffer overflows via improper use
| of `scanf(3)`. cpdb-libs uses the `fscanf()` and `scanf()` functions
| to parse command lines and configuration files, dropping the read
| string components into fixed-length buffers, but does not limit the
| length of the strings to be read by `fscanf()` and `scanf()` causing
| buffer overflows when a string is longer than 1023 characters. A
| patch for this issue is available at commit
| f181bd1f14757c2ae0f17cc76dc20421a40f30b7. As all buffers have a
| length of 1024 characters, the patch limits the maximum string
| length to be read to 1023 by replacing all occurrences of `%s` with
| `%1023s` in all calls of the `fscanf()` and `scanf()` functions.

Note that 1.2.x predates the commit 3f66d47252d5 ("print_frontend: Use
larger and more easily adjustable string buffers") and so the older
version is only using buffers of 100 characters of length.

Additionally, the fix basically consists of searching for all 'fscanf()'
and 'scanf()' usages and replacing the '%s' occurrences accordingly.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-34095
    https://www.cve.org/CVERecord?id=CVE-2023-34095
[1] https://github.com/OpenPrinting/cpdb-libs/security/advisories/GHSA-25j7-9gfc-f46x

Regards,
Salvatore

--- End Message ---
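
The bounded read the report describes, sketched for the 100-character buffers it attributes to 1.2.x. This is an added example, not code from cpdb-libs or from the Debian patch; `read_token`, `count_tokens` and the input tokens are hypothetical names and constructed data. It goes one step beyond the width fix: a width-limited `%s` leaves the tail of an over-long token in the stream, where the next read would pick it up as separate tokens, so the tail is drained and the token is reported as rejected.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define BUF_LEN 100   /* buffer size the report gives for 1.2.x */
#define MAX_TOK 99    /* scanf width: must leave room for the NUL */
#define STR2(x) #x
#define STR(x) STR2(x)
#define TOK_FMT "%" STR(MAX_TOK) "s"   /* expands to "%99s" */
_Static_assert(MAX_TOK == BUF_LEN - 1, "width must be buffer size - 1");

/* Bounded read of one token. Returns 1 = complete token, 0 = end of input,
 * -1 = token exceeded MAX_TOK (its tail is drained, not left for the next read). */
int read_token(FILE *fp, char buf[BUF_LEN])
{
    if (fscanf(fp, TOK_FMT, buf) != 1) return 0;
    int c = fgetc(fp);
    int truncated = (c != EOF && !isspace(c));
    while (c != EOF && !isspace(c)) c = fgetc(fp);
    if (c != EOF) ungetc(c, fp);
    return truncated ? -1 : 1;
}

/* Run constructed input through read_token(); returns the accepted count,
 * stores the rejected count and the last accepted token. */
int count_tokens(const char *input, int *rejected, char last[BUF_LEN])
{
    char buf[BUF_LEN];
    int ok = 0, r;
    FILE *fp = tmpfile();
    if (!fp) return -1;
    fputs(input, fp);
    rewind(fp);
    *rejected = 0;
    while ((r = read_token(fp, buf)) != 0) {
        if (r == 1) { ok++; strcpy(last, buf); }
        else (*rejected)++;
    }
    fclose(fp);
    return ok;
}

int main(void)
{
    char in[400] = "cmd ", last[BUF_LEN] = "";
    int rejected;
    memset(in + 4, 'A', 300);              /* constructed over-long token */
    strcpy(in + 304, " printer-1\n");
    int ok = count_tokens(in, &rejected, last);
    printf("accepted=%d rejected=%d last=%s\n", ok, rejected, last);
}
```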
--- Begin Message ---
Source: cpdb-libs
Source-Version: 1.2.0-2+deb12u1
Done: Thorsten Alteholz <debian@alteholz.de>

We believe that the bug you reported is fixed in the latest version of
cpdb-libs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1038253@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <debian@alteholz.de> (supplier of updated cpdb-libs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 27 Jun 2023 22:03:02 +0200
Source: cpdb-libs
Architecture: source
Version: 1.2.0-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Closes: 1038253
Changes:
 cpdb-libs (1.2.0-2+deb12u1) bookworm; urgency=medium
 .
   * CVE-2023-34095 (Closes: #1038253)
     buffer overflow via improper use of scanf()/fscanf()

--- End Message ---
