--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package libguac
Version 0.6.0-2 contains a fix for a security vulnerability
(http://security-tracker.debian.org/tracker/CVE-2012-4415), but is being
blocked because of the freeze.
unblock libguac/0.6.0-2
Thanks.
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru libguac-0.6.0/debian/changelog libguac-0.6.0/debian/changelog
--- libguac-0.6.0/debian/changelog 2012-06-01 13:52:13.000000000 -0700
+++ libguac-0.6.0/debian/changelog 2012-09-11 11:30:15.000000000 -0700
@@ -1,3 +1,11 @@
+libguac (0.6.0-2) unstable; urgency=high
+
+ * CVE-2012-4415: Buffer overflow in guac_client_plugin_open
+ - debian/patches/0002-guac_client_plugin_open-buffer-overflow.patch,
+ thanks to Timo Juhani Lindfors for discovering the flaw
+
+ -- Michael Jumper <zhangmaike@users.sourceforge.net> Sun, 26 Aug
2012 18:47:52 -0700
+
libguac (0.6.0-1) unstable; urgency=low
* Merged latest changes from 0.6.0
diff -Nru libguac-0.6.0/debian/patches/0002-guac_client_plugin_open-buffer-overflow.patch
libguac-0.6.0/debian/patches/0002-guac_client_plugin_open-buffer-overflow.patch
--- libguac-0.6.0/debian/patches/0002-guac_client_plugin_open-buffer-overflow.patch
1969-12-31 16:00:00.000000000 -0800
+++ libguac-0.6.0/debian/patches/0002-guac_client_plugin_open-buffer-overflow.patch
2012-09-11 11:28:19.000000000 -0700
@@ -0,0 +1,82 @@
+From 7dcefa744b4a38825619c00ae8b47e5bae6e38c0 Mon Sep 17 00:00:00 2001
+From: Michael Jumper <zhangmaike@users.sourceforge.net>
+Date: Thu, 23 Aug 2012 11:50:06 -0700
+Subject: [PATCH] Define library prefix/suffix with macros, explicitly
define and enforce limit on protocol name length, and overall library
name length.
+
+---
+ include/client.h | 32 ++++++++++++++++++++++++++++++++
+ src/client.c | 9 +++++----
+ 2 files changed, 37 insertions(+), 4 deletions(-)
+
+diff --git a/include/client.h b/include/client.h
+index 57852c5..1ceafe9 100644
+--- a/include/client.h
++++ b/include/client.h
+@@ -50,6 +50,38 @@
+ * @file client.h
+ */
+
++/**
++ * String prefix which begins the library filename of all client plugins.
++ */
++#define GUAC_PROTOCOL_LIBRARY_PREFIX "libguac-client-"
++
++/**
++ * String suffix which ends the library filename of all client plugins.
++ */
++#define GUAC_PROTOCOL_LIBRARY_SUFFIX ".so"
++
++/**
++ * The maximum number of characters (COUNTING NULL TERMINATOR) to allow
++ * for protocol names within the library filename of client plugins.
++ */
++#define GUAC_PROTOCOL_NAME_LIMIT 256
++
++/**
++ * The maximum number of characters (INCLUDING NULL TERMINATOR) that a
++ * character array containing the concatenation of the library prefix,
++ * protocol name, and suffix can contain, assuming the protocol name is
++ * limited to GUAC_PROTOCOL_NAME_LIMIT characters.
++ */
++#define GUAC_PROTOCOL_LIBRARY_LIMIT ( \
++ \
++ sizeof(GUAC_PROTOCOL_LIBRARY_PREFIX) - 1 /* "libguac-client-" */ \
++ + GUAC_PROTOCOL_NAME_LIMIT - 1 /* [up to 256 chars] */ \
++ + sizeof(GUAC_PROTOCOL_LIBRARY_SUFFIX) - 1 /* ".so" */ \
++ + 1 /* NULL terminator */ \
++ \
++)
++
++
+ typedef struct guac_client guac_client;
+ typedef struct guac_client_plugin guac_client_plugin;
+
+diff --git a/src/client.c b/src/client.c
+index 759c4f3..90491b5 100644
+--- a/src/client.c
++++ b/src/client.c
+@@ -164,16 +164,17 @@ guac_client_plugin*
guac_client_plugin_open(const char* protocol) {
+ const char** client_args;
+
+ /* Pluggable client */
+- char protocol_lib[256] = "libguac-client-";
+-
++ char protocol_lib[GUAC_PROTOCOL_LIBRARY_LIMIT] =
++ GUAC_PROTOCOL_LIBRARY_PREFIX;
++
+ union {
+ guac_client_init_handler* client_init;
+ void* obj;
+ } alias;
+
+ /* Add protocol and .so suffix to protocol_lib */
+- strcat(protocol_lib, protocol);
+- strcat(protocol_lib, ".so");
++ strncat(protocol_lib, protocol, GUAC_PROTOCOL_NAME_LIMIT-1);
++ strcat(protocol_lib, GUAC_PROTOCOL_LIBRARY_SUFFIX);
+
+ /* Load client plugin */
+ client_plugin_handle = dlopen(protocol_lib, RTLD_LAZY);
+--
+1.7.2.5
+
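Review bot: In the src/client.c part of the added patch, `strncat(protocol_lib, protocol, GUAC_PROTOCOL_NAME_LIMIT-1)` bounds the copy but silently truncates an over-long protocol name, so `dlopen` is then asked for a plugin named after the first 255 characters instead of the request being refused. I would reject the input before building the name, e.g. `if (strlen(protocol) >= GUAC_PROTOCOL_NAME_LIMIT)` followed by the function's existing failure return, which lies outside the hunk. The assembled name also appears to reach `dlopen` without any check for `/`; if `protocol` can originate from a remote peer, restricting it to a plain name component with no path separators would keep the lookup on the library search path. In include/client.h the two limit comments say "COUNTING" and "INCLUDING" for the same thing and call the terminator NULL; `including the NUL terminator` in both would be clearer.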
diff -Nru libguac-0.6.0/debian/patches/series
libguac-0.6.0/debian/patches/series
--- libguac-0.6.0/debian/patches/series 2012-05-30 23:47:45.000000000 -0700
+++ libguac-0.6.0/debian/patches/series 2012-09-11 11:28:19.000000000 -0700
@@ -1 +1,2 @@
0001-remove-requirement-for-m4-dir.patch
+0002-guac_client_plugin_open-buffer-overflow.patch
--- End Message ---