Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: pu The security team have indicated that CVE-2011-2200 (Bug #629938, a local DoS) will not be fixed in a DSA. Here's a proposed patch for a stable update, already tested on a squeeze laptop. OK to upload? Thanks, S
diffstat for dbus-1.2.24 dbus-1.2.24 changelog | 8 ++++ control | 4 +- patches/13-629938-_dbus_header_byteswap.patch | 46 ++++++++++++++++++++++++++ patches/series | 1 4 files changed, 57 insertions(+), 2 deletions(-) diff -Nru dbus-1.2.24/debian/changelog dbus-1.2.24/debian/changelog --- dbus-1.2.24/debian/changelog 2010-12-21 17:46:17.000000000 +0000 +++ dbus-1.2.24/debian/changelog 2011-06-14 19:45:07.000000000 +0100 @@ -1,3 +1,11 @@ +dbus (1.2.24-4+squeeze1) stable; urgency=low + + * Update Vcs-* control fields to reflect the move to git + * Apply patch to fix upstream bug fd.o #38120, which is a local DoS for + system services (Closes: #629938) + + -- Simon McVittie <smcv@debian.org> Tue, 14 Jun 2011 19:45:00 +0100 + dbus (1.2.24-4) unstable; urgency=high * debian/patches/12-CVE-2010-4352-reject-deeply-nested-variants.patch diff -Nru dbus-1.2.24/debian/control dbus-1.2.24/debian/control --- dbus-1.2.24/debian/control 2010-12-21 17:32:03.000000000 +0000 +++ dbus-1.2.24/debian/control 2011-06-12 12:31:16.000000000 +0100 @@ -17,8 +17,8 @@ libx11-dev, libselinux1-dev [linux-any] Standards-Version: 3.9.0 -Vcs-Svn: svn://svn.debian.org/pkg-utopia/packages/unstable/dbus/ -Vcs-Browser: http://svn.debian.org/wsvn/pkg-utopia/packages/unstable/dbus/ +Vcs-Git: git://anonscm.debian.org/pkg-utopia/dbus.git +Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-utopia/dbus.git Homepage: http://dbus.freedesktop.org/ Package: dbus diff -Nru dbus-1.2.24/debian/patches/13-629938-_dbus_header_byteswap.patch dbus-1.2.24/debian/patches/13-629938-_dbus_header_byteswap.patch --- dbus-1.2.24/debian/patches/13-629938-_dbus_header_byteswap.patch 1970-01-01 01:00:00.000000000 +0100 +++ dbus-1.2.24/debian/patches/13-629938-_dbus_header_byteswap.patch 2011-06-12 12:43:20.000000000 +0100 @@ -0,0 +1,46 @@ +From: Simon McVittie <simon.mcvittie@collabora.co.uk> +Date: Thu, 9 Jun 2011 17:52:10 +0100 +Subject: [PATCH] _dbus_header_byteswap: change the first byte of the message, + not just the struct member + +This has been wrong approximately forever, for instance see: +http://lists.freedesktop.org/archives/dbus/2007-March/007357.html + +This prevents a local DoS, in which users can disconnect a system service +from the system bus by sending a non-native-endian message to it. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=38120 +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629938 +Reviewed-by: Will Thompson <will.thompson@collabora.co.uk> +Origin: upstream, http://cgit.freedesktop.org/dbus/dbus/commit/?id=c3223ba6 +Applied-upstream: 1.4.12, commit:c3223ba6c401ba81df1305851312a47c485e6cd7 +Applied-upstream: 1.2.28, commit:6519a1f77c61d753d4c97efd6e15630eb275336e +--- + dbus/dbus-marshal-header.c | 6 ++++++ + 1 files changed, 6 insertions(+), 0 deletions(-) + +diff --git a/dbus/dbus-marshal-header.c b/dbus/dbus-marshal-header.c +index 3f31d7a..a6c9b80 100644 +--- a/dbus/dbus-marshal-header.c ++++ b/dbus/dbus-marshal-header.c +@@ -1468,14 +1468,20 @@ void + _dbus_header_byteswap (DBusHeader *header, + int new_order) + { ++ unsigned char byte_order; ++ + if (header->byte_order == new_order) + return; + ++ byte_order = _dbus_string_get_byte (&header->data, BYTE_ORDER_OFFSET); ++ _dbus_assert (header->byte_order == byte_order); ++ + _dbus_marshal_byteswap (&_dbus_header_signature_str, + 0, header->byte_order, + new_order, + &header->data, 0); + ++ _dbus_string_set_byte (&header->data, BYTE_ORDER_OFFSET, new_order); + header->byte_order = new_order; + } + diff -Nru dbus-1.2.24/debian/patches/series dbus-1.2.24/debian/patches/series --- dbus-1.2.24/debian/patches/series 2010-12-21 17:34:52.000000000 +0000 +++ dbus-1.2.24/debian/patches/series 2011-06-12 12:51:34.000000000 +0100 @@ -3,3 +3,4 @@ 10_dbus-1.0.1-generate-xml-docs.patch 11-589662-reload-kqueue.patch 12-CVE-2010-4352-reject-deeply-nested-variants.patch +13-629938-_dbus_header_byteswap.patch
Attachment:
signature.asc
Description: Digital signature