I recently uploaded an NMU for vftool to fix CVE-2011-0433 in sid
(bug #614669). At the time I notified the maintainer that I would perform
uploads for stable and oldstable and I have not had any response, therefore
the stable patch is attached.

Stable is easy: the same version is present, so the patch is just the same
as for unstable.

In oldstable, you have a choice of whether to include the changes in -4 or
not. They fix a FTBFS (which I could not reproduce in a lenny chroot) but
are not strictly necessary to fix the CVE. I will prepare uploads
according to your preference.

Thanks.
$ debdiff vftool_2.0alpha-4.dsc vftool_2.0alpha-4.1.dsc |diffstat
debian/patch-2 | 21 +++++++++++++++++++++
vftool-2.0alpha/debian/changelog | 9 +++++++++
vftool-2.0alpha/debian/rules | 2 ++
3 files changed, 32 insertions(+)
diff -u vftool-2.0alpha/debian/changelog vftool-2.0alpha/debian/changelog
--- vftool-2.0alpha/debian/changelog
+++ vftool-2.0alpha/debian/changelog
@@ -1,3 +1,12 @@
+vftool (2.0alpha-4.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * debian/patch-3:
+ - fix CVE-2011-0433, a buffer overflow in linetoken() in parseAFM.c
+ Closes: #614669
+
+ -- Jonathan Wiltshire <jmw@debian.org> Wed, 29 Jun 2011 23:06:32 +0100
+
vftool (2.0alpha-4) unstable; urgency=low
* Fixed FTBFS bug with a patch by Ruben Molina <rmolina AT udea.edu.co>
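Review bot: the changelog entry names `debian/patch-3`, but the diffstat, the rules hunk and the new file in this debdiff all add and apply `debian/patch-2`; the entry should read `* debian/patch-2:` so that the changelog matches the file actually shipped. The `Closes: #614669` line is parsed correctly as written, so no change is needed there.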
diff -u vftool-2.0alpha/debian/rules vftool-2.0alpha/debian/rules
--- vftool-2.0alpha/debian/rules
+++ vftool-2.0alpha/debian/rules
@@ -28,6 +28,8 @@
patch -p1 < debian/patch-0
patch -NRp1 < debian/patch-1 || true
patch -p1 < debian/patch-1
+ patch -NRp1 < debian/patch-2 || true
+ patch -p1 < debian/patch-2
$(MAKE) mka2bkjvf
$(MAKE) mka2bkvf
$(MAKE) mkbkv2hjvf
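Review bot: the reverse-then-apply pair for patch-2 follows the same idiom as patch-1 (`patch -NRp1 ... || true` to undo any earlier application, then a plain `patch -p1`), which keeps the target re-runnable; note that the forward apply deliberately has no `-N` or `|| true`, so a rejected hunk fails the build instead of being skipped, which is the right behaviour for a security patch and should stay that way. If the clean target (not in this hunk) reverses patch-0 and patch-1, patch-2 needs the same treatment there so that `debian/rules clean` restores the pristine source.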
only in patch2:
unchanged:
--- vftool-2.0alpha.orig/debian/patch-2
+++ vftool-2.0alpha/debian/patch-2
@@ -0,0 +1,21 @@
+From: Vincent Untz <vuntz@gnome.org>
+Date: Thu, 17 Feb 2011 15:23:39 +0100
+Subject: [PATCH] backends: Fix another security issue in the dvi-backend
+Bug: https://bugzilla.gnome.org/show_bug.cgi?id=640923
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614669
+
+This is similar to one of the fixes from d4139205.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=640923
+
+--- vftool-2.0alpha.orig/parseAFM.c
++++ vftool-2.0alpha/parseAFM.c
+@@ -178,7 +178,7 @@
+ while ((ch = fgetc(stream)) == ' ' || ch == '\t' );
+
+ idx = 0;
+- while (ch != EOF && ch != lineterm)
++ while (ch != EOF && ch != lineterm && idx < MAX_NAME)
+ {
+ ident[idx++] = ch;
+ ch = fgetc(stream);
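Review bot: the hunk stops before the loop's exit path, so confirm that the write that terminates `ident` after the loop still fits once `idx` reaches the new bound: with `idx < MAX_NAME`, `idx` can equal `MAX_NAME` on exit, and if `ident` is declared with `MAX_NAME` elements the terminator would then land one past the end, in which case the bound should be `MAX_NAME - 1`. Also worth a short note in the patch description: an over-long name is now truncated and its remaining characters are left in the stream for the next token read, which is acceptable for a bounds fix but changes parsing of malformed input. The header still describes the fix as "another security issue in the dvi-backend" (the evince/GNOME origin of this parseAFM.c change); adding a line stating that it is adapted for vftool's copy of parseAFM.c would make the provenance clearer to the next maintainer.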
--
Jonathan Wiltshire jmw@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51