
Bug#610791: unblock: ccid/1.3.11-2 (Fixes CVE-2010-4530)



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package ccid

This version fixes a security bug.
I also contacted the security team for the stable release.

diff -u ccid-1.3.11/debian/changelog ccid-1.3.11/debian/changelog
--- ccid-1.3.11/debian/changelog
+++ ccid-1.3.11/debian/changelog
@@ -1,3 +1,10 @@
+ccid (1.3.11-2) unstable; urgency=high
+
+  * Fix CVE-2010-4530: Signedness error in ccid_serial.c
+  * Closes: #607780 "ccid: buffer overflow"
+
+ -- Ludovic Rousseau <rousseau@debian.org>  Fri, 21 Jan 2011 10:54:51 +0100
+
 ccid (1.3.11-1) unstable; urgency=low

  * New upstream release
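Review bot: the CVE bullet in the 1.3.11-2 entry names the file but not the change itself, so a reader of the changelog cannot tell what was done without opening the diff. Consider wording it along the lines of "reject frame sizes below 10 or above the caller's buffer length in ccid_serial.c". The "Closes: #607780" line would also read better folded into the same bullet, so the bug number and the fix stay together.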
only in patch2:
unchanged:
--- ccid-1.3.11.orig/src/ccid_serial.c
+++ ccid-1.3.11/src/ccid_serial.c
@@ -310,6 +310,12 @@
       /* total frame size */
       to_read = 10+dw2i(buffer, 1);

+       if ((to_read < 10) || (to_read > (int)*length))
+       {
+               DEBUG_CRITICAL2("Wrong value for frame size: %d", to_read);
+               return STATUS_COMM_ERROR;
+       }
+
       DEBUG_COMM2("frame size: %d", to_read);
       if ((rv = get_bytes(reader_index, buffer+5, to_read-5)) != STATUS_SUCCESS)
               return rv;
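Review bot: the lower-bound test in the added `if` runs after `to_read = 10+dw2i(buffer, 1);`, so an oversized length field is only caught when the sum has already wrapped to a negative value, and if to_read is a signed int (the `%d` format and the `(int)` cast suggest it is) that overflow is undefined behaviour in C. It would be more robust to validate the dw2i(buffer, 1) result before adding the 10-byte header: first check that *length is at least 10, then that the length field does not exceed *length - 10. The `(int)*length` cast is a second point: a *length too large for an int would turn negative and make every frame fail this check, so comparing in the type of *length is safer. The new error path returns STATUS_COMM_ERROR with a DEBUG_CRITICAL2 message, which is a reasonable way to fail for a malformed frame.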


unblock ccid/1.3.11-2

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash


