Bug#702921: unblock: inetutils/2:1.9-2

To: 702921@bugs.debian.org
Subject: Bug#702921: unblock: inetutils/2:1.9-2
From: Guillem Jover <guillem@debian.org>
Date: Wed, 13 Mar 2013 01:14:33 +0100
Message-id: <[🔎] 20130313001433.GA7214@gaara.hadrons.org>
Reply-to: Guillem Jover <guillem@debian.org>, 702921@bugs.debian.org
In-reply-to: <[🔎] 20130312235810.GA6099@gaara.hadrons.org>
References: <[🔎] 20130312235810.GA6099@gaara.hadrons.org>

On Wed, 2013-03-13 at 00:58:10 +0100, Guillem Jover wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package inetutils. This version contains a security fix
> cherry picked from upstream, which was fixed long time ago for other
> packages with a shared ancestry (iputils).
> 
> The package failed to build on kfreebsd-any due to an issue in
> kfreebsd-kernel-headers, which has been fixed and the upload unblocked
> (thanks Adam!). The packages were given-back on kfreebsd-any and
> built fine.
> 
> Attached the debdiff. If everything looks fine please:

And of course I forgot to attach the diff.

> unblock inetutils/2:1.9-2
> 
> (Once this has migrated I'll prepare a security update for stable.)

Thanks,
Guillem

diff -Nru inetutils-1.9/debian/changelog inetutils-1.9/debian/changelog
--- inetutils-1.9/debian/changelog	2012-01-01 06:55:22.000000000 +0100
+++ inetutils-1.9/debian/changelog	2013-02-07 03:35:11.000000000 +0100
@@ -1,7 +1,15 @@
+inetutils (2:1.9-2) unstable; urgency=medium
+
+  * Fix DoS against inetutils-ping via a crafted echo response.
+    Patch cherry-picked from upstream. CVE-2010-2529
+
+ -- Guillem Jover <guillem@debian.org>  Thu, 07 Feb 2013 03:35:08 +0100
+
 inetutils (2:1.9-1) unstable; urgency=low
 
   * New upstream release.
-    - Implement ”ping -W linger”. (Closes: #566845)
+    - Implement “syslogd -b bindaddr”. (Closes: #207054)
+    - Implement “ping -W linger”. (Closes: #566845)
     - debian/patches/99_CVE-2011-4862.patch: Remove, merged upstream.
     - debian/patches/02_remove_unused_opie_check.patch: Likewise.
     - debian/patches/60_inetd_support_argless_services.patch: Likewise.
diff -Nru inetutils-1.9/debian/patches/0001-ping-CVE-2010-2529.patch inetutils-1.9/debian/patches/0001-ping-CVE-2010-2529.patch
--- inetutils-1.9/debian/patches/0001-ping-CVE-2010-2529.patch	1970-01-01 01:00:00.000000000 +0100
+++ inetutils-1.9/debian/patches/0001-ping-CVE-2010-2529.patch	2013-01-23 18:10:07.000000000 +0100
@@ -0,0 +1,28 @@
+From d7ffe9ddf524b0ff13088b2685bd9cfde5e580f5 Mon Sep 17 00:00:00 2001
+From: Mats Erik Andersson <gnu@gisladisker.se>
+Date: Thu, 17 Jan 2013 10:34:55 +0100
+Subject: [PATCH] ping: CVE-2010-2529
+
+	CVE-2010-2529: Infinite loop.
+
+	* ping/ping_echo.c (print_ip_opt) <IPOPT_RR>: Break loop
+	if option is truncated or exhausted.
+
+---
+
+diff --git a/ping/ping_echo.c b/ping/ping_echo.c
+index 634e178..e83ccff 100644
+--- a/ping/ping_echo.c
++++ b/ping/ping_echo.c
+@@ -499,7 +499,7 @@ print_ip_opt (struct ip *ip, int hlen)
+ 	  i = j;
+ 	i -= IPOPT_MINOFF;
+ 	if (i <= 0)
+-	  continue;
++	  break;
+ 	if (i == old_rrlen
+ 	    && cp == (unsigned char *) (ip + 1) + 2
+ 	    && !memcmp ((char *) cp, old_rr, i) && !(options & OPT_FLOOD))
+-- 
+1.8.1.1
+
diff -Nru inetutils-1.9/debian/patches/series inetutils-1.9/debian/patches/series
--- inetutils-1.9/debian/patches/series	2012-01-01 06:55:10.000000000 +0100
+++ inetutils-1.9/debian/patches/series	2013-01-23 17:59:35.000000000 +0100
@@ -7,3 +7,4 @@
 62_inetd_change_ipv6_protocol_semantics.patch
 70_ftbfs_non-linux.patch
 71_ftbfs_format_security.patch
+0001-ping-CVE-2010-2529.patch

Reply to:

References:
- Bug#702921: unblock: inetutils/2:1.9-2
  - From: Guillem Jover <guillem@debian.org>

Prev by Date: Bug#702921: unblock: inetutils/2:1.9-2
Next by Date: Bug#693457: unblock: ibus-table/1.4.99.20121012-1
Previous by thread: Bug#702921: unblock: inetutils/2:1.9-2
Next by thread: Bug#702921: marked as done (unblock: inetutils/2:1.9-2)
Index(es):
- Date
- Thread