[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#700277: marked as done (pu: package kfreebsd-8/8.1+dfsg-8+squeeze4)

Your message dated Sat, 23 Feb 2013 11:56:55 +0000
with message-id <1361620615.20752.10.camel@jacala.jungle.funky-badger.org>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #700277,
regarding pu: package kfreebsd-8/8.1+dfsg-8+squeeze4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
700277: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700277
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: debian-bsd@lists.debian.org

Dear Release Team,

Please would it possible to fix #694096 / CVE-2012-4576 via
stable-proposed-updates.  It affects the linux.ko kernel module which is
shipped but not normally loaded/used.  This was already fixed in testing
via sid, and without a DSA.

A debdiff is attached of the changes staged in the glibc-bsd packaging
SVN;  I would ask a DD on the team to upload this if approved.

Thank you.

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: kfreebsd-amd64 (x86_64)

Kernel: kFreeBSD 9.0-2-amd64-xenhvm
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -u kfreebsd-8-8.1+dfsg/debian/changelog kfreebsd-8-8.1+dfsg/debian/changelog
--- kfreebsd-8-8.1+dfsg/debian/changelog
+++ kfreebsd-8-8.1+dfsg/debian/changelog
@@ -1,3 +1,12 @@
+kfreebsd-8 (8.1+dfsg-8+squeeze4) stable-proposed-updates; urgency=low
+
+  [ Steven Chamberlain ]
+  * Apply patch for SA-12:08 / CVE-2012-4576:
+    memory access without proper validation in linux compat system
+    (Closes: #694096)
+
+ -- GNU/kFreeBSD Maintainers <debian-bsd@lists.debian.org>  Sun, 10 Feb 2013 19:30:43 +0000
+
 kfreebsd-8 (8.1+dfsg-8+squeeze3) stable-security; urgency=medium
 
   [ Steven Chamberlain ]
diff -u kfreebsd-8-8.1+dfsg/debian/patches/series kfreebsd-8-8.1+dfsg/debian/patches/series
--- kfreebsd-8-8.1+dfsg/debian/patches/series
+++ kfreebsd-8-8.1+dfsg/debian/patches/series
@@ -44,0 +45 @@
+SA-12_08.linux.patch
only in patch2:
unchanged:
--- kfreebsd-8-8.1+dfsg.orig/debian/patches/SA-12_08.linux.patch
+++ kfreebsd-8-8.1+dfsg/debian/patches/SA-12_08.linux.patch
@@ -0,0 +1,16 @@
+Index: kfreebsd-8-8.1+dfsg/sys/compat/linux/linux_ioctl.c
+===================================================================
+--- kfreebsd-8-8.1+dfsg.orig/sys/compat/linux/linux_ioctl.c	2009-09-17 12:03:37.000000000 +0100
++++ kfreebsd-8-8.1+dfsg/sys/compat/linux/linux_ioctl.c	2013-02-10 19:26:12.136388557 +0000
+@@ -2228,8 +2228,9 @@
+ 
+ 	ifc.ifc_len = valid_len; 
+ 	sbuf_finish(sb);
+-	memcpy(PTRIN(ifc.ifc_buf), sbuf_data(sb), ifc.ifc_len);
+-	error = copyout(&ifc, uifc, sizeof(ifc));
++	error = copyout(sbuf_data(sb), PTRIN(ifc.ifc_buf), ifc.ifc_len);
++	if (error == 0)
++		error = copyout(&ifc, uifc, sizeof(ifc));
+ 	sbuf_delete(sb);
+ 	CURVNET_RESTORE();
+

--- End Message ---
--- Begin Message --- 
Version: 6.0.7

Hi,

The package discussed in each of these bugs was added to stable as part
of today's point release.

Regards,

Adam

--- End Message ---
Reply to: