Bug#719642: marked as done (pu: samba/2:3.6.6-6+deb7u1)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Tue, 03 Sep 2013 03:18:26 +0000
with message-id <E1VGh8M-0006yl-9y@franck.debian.org>
and subject line Bug#719642: fixed in libmodplug 1:0.8.8.4-4
has caused the Debian Bug report #719642,
regarding pu: samba/2:3.6.6-6+deb7u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
719642: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719642
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: pu: samba/2:3.6.6-6+deb7u1
• From: Ivo De Decker <ivo.dedecker@ugent.be>
• Date: Tue, 13 Aug 2013 21:47:33 +0200
• Message-id: <20130813194731.GA10666@ugent.be>

Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org@packages.debian.org
Usertags: pu

Dear release team,

The Samba Team released a security update with a fix for CVE-2013-4124. Please
accept the attached patch for wheezy.

Thanks in advance.

Cheers,

Ivo

diff -Nru samba-3.6.6/debian/changelog samba-3.6.6/debian/changelog
--- samba-3.6.6/debian/changelog	2013-04-15 23:56:50.000000000 +0200
+++ samba-3.6.6/debian/changelog	2013-08-13 21:10:11.000000000 +0200
@@ -1,3 +1,11 @@
+samba (2:3.6.6-6+deb7u1) wheezy; urgency=low
+
+  * Security update
+  * CVE-2013-4124: Denial of service - CPU loop and memory allocation
+    Closes: #718781
+
+ -- Ivo De Decker <ivo.dedecker@ugent.be>  Tue, 13 Aug 2013 21:10:11 +0200
+
 samba (2:3.6.6-6) unstable; urgency=low
 
   * Team upload.
diff -Nru samba-3.6.6/debian/patches/security-CVE-2013-4124.patch samba-3.6.6/debian/patches/security-CVE-2013-4124.patch
--- samba-3.6.6/debian/patches/security-CVE-2013-4124.patch	1970-01-01 01:00:00.000000000 +0100
+++ samba-3.6.6/debian/patches/security-CVE-2013-4124.patch	2013-08-13 16:59:11.000000000 +0200
@@ -0,0 +1,39 @@
+CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause
+server to loop with DOS).
+
+   All current released versions of Samba are vulnerable to a denial of
+   service on an authenticated or guest connection. A malformed packet
+   can cause the smbd server to loop the CPU performing memory
+   allocations and preventing any further service.
+
+   A connection to a file share, or a local account is needed to exploit
+   this problem, either authenticated or unauthenticated if guest
+   connections are allowed.
+
+   This flaw is not exploitable beyond causing the code to loop
+   allocating memory, which may cause the machine to exceed memory
+   limits.
+
+diff -u -r --new-file --exclude .svn --exclude CVS samba-3.6.16/source3/smbd/nttrans.c samba-3.6.17/source3/smbd/nttrans.c
+--- samba-3.6.16/source3/smbd/nttrans.c	2013-06-19 09:35:24.000000000 +0200
++++ samba-3.6.17/source3/smbd/nttrans.c	2013-07-29 20:55:18.000000000 +0200
+@@ -989,7 +989,19 @@
+ 		if (next_offset == 0) {
+ 			break;
+ 		}
++
++		/* Integer wrap protection for the increment. */
++		if (offset + next_offset < offset) {
++			break;
++		}
++
+ 		offset += next_offset;
++
++		/* Integer wrap protection for while loop. */
++		if (offset + 4 < offset) {
++			break;
++		}
++
+ 	}
+ 
+ 	return ea_list_head;
diff -Nru samba-3.6.6/debian/patches/series samba-3.6.6/debian/patches/series
--- samba-3.6.6/debian/patches/series	2013-01-31 20:53:43.000000000 +0100
+++ samba-3.6.6/debian/patches/series	2013-08-13 16:59:11.000000000 +0200
@@ -24,3 +24,4 @@
 0001-ndr-fix-push-pull-DATA_BLOB-with-NDR_NOALIGN.patch
 security-CVE-2013-0213.patch
 security-CVE-2013-0214.patch
+security-CVE-2013-4124.patch

--- End Message ---

--- Begin Message ---

• To: 719642-close@bugs.debian.org
• Subject: Bug#719642: fixed in libmodplug 1:0.8.8.4-4
• From: Zed Pobre <zed@debian.org>
• Date: Tue, 03 Sep 2013 03:18:26 +0000
• Message-id: <E1VGh8M-0006yl-9y@franck.debian.org>

Source: libmodplug
Source-Version: 1:0.8.8.4-4

We believe that the bug you reported is fixed in the latest version of
libmodplug, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 719642@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Zed Pobre <zed@debian.org> (supplier of updated libmodplug package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 02 Sep 2013 22:31:46 -0400
Source: libmodplug
Binary: libmodplug1 libmodplug-dev
Architecture: source all amd64
Version: 1:0.8.8.4-4
Distribution: unstable
Urgency: high
Maintainer: Zed Pobre <zed@debian.org>
Changed-By: Zed Pobre <zed@debian.org>
Description: 
 libmodplug-dev - development files for mod music based on ModPlug
 libmodplug1 - shared libraries for mod music based on ModPlug
Closes: 719642
Changes: 
 libmodplug (1:0.8.8.4-4) unstable; urgency=high
 .
     * Merge all changes from latest upstream Git repository (0.8.8.4 with
       additional patches), including the following security changes:
       * CVE-2013-4233: fix integer overflow in load_abc.cpp
       * CVE-2013-4234: fix heap overflows in abc_MIDI_drum and abc_MIDI_gchord
       * Closes: #719642
     * Standards-Version: 3.9.4
       * Added Vcs-Git and Vcs-Browser entries
Checksums-Sha1: 
 278c8012ccb684eed4a3589db7a1f1db18c931b2 1910 libmodplug_0.8.8.4-4.dsc
 da57401a6fdc70fbf72ff5e16cb51feb99bd4602 20851 libmodplug_0.8.8.4-4.diff.gz
 67463c461a37a3bba675a01a75d194dd66e0805c 27822 libmodplug-dev_0.8.8.4-4_all.deb
 b892c266ef4fa24091203780471ca1a0259aefbb 182900 libmodplug1_0.8.8.4-4_amd64.deb
Checksums-Sha256: 
 5c747facb8833de9e0fbac6a55baa8e83e7849c4ce7861f1777dd441fcd38169 1910 libmodplug_0.8.8.4-4.dsc
 52794535947c252c8e42b517409515001f75b7c1c56bf192ae3ea6b79152b632 20851 libmodplug_0.8.8.4-4.diff.gz
 54108d1e99bc4e9a8878c8fc1c474f9732a1d6560e6b3b9411fd7d5b40e18a14 27822 libmodplug-dev_0.8.8.4-4_all.deb
 59fb70ef31d13dcf82b97d502e58a82172929f021d809d9e6d2c0bb27f2f731c 182900 libmodplug1_0.8.8.4-4_amd64.deb
Files: 
 5aab2abfe333b49f050578ec2ad96fae 1910 libs optional libmodplug_0.8.8.4-4.dsc
 b497c60eea88143517c34e3047a72d9a 20851 libs optional libmodplug_0.8.8.4-4.diff.gz
 6d9ddf8b51efd043427f475624d1c170 27822 libdevel optional libmodplug-dev_0.8.8.4-4_all.deb
 d1f95dc84a175e7aed4f41e8e8eb8157 182900 libs optional libmodplug1_0.8.8.4-4_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJSJVGMAAoJEEj0fFjWHGKDFDIP/i/JLgDDGFuMlQ/p0C4Awtes
bCFWHNXLUqBwS4QiE15u4FF9nW9o0khigVu+IQfuv/1uJqzK7kMvhhna2D90Fv2P
tjJ9WYCUueI8lAMu4x+Hp+9T2/kf6yI0Xcy+H8UuIutbjTVQQ1llN5RcXkvXbs8z
Pu0OZ4gufcbUw+/vRBTo5aZ+GYv8zyc8V9O1p/IecnlRVJ1m7chNVxpllwS04lkb
eZAZJ/iGFTRnstkWqnWfk7gAJtU9n532qpdZIVVENrgmdbNPHeUpBoexHMzGjTq/
SCwQ58BdIpzcpqD5lsiMyBemz/9t649ctPakz+8a4EOd+37SKbX3JcLS16ntElxp
poPkAAQDt5hGLHRLRf65WXHKRv4HfRbD3w+PkqIGCUf6psNg749QCUTy/OOgNTIs
zuSslSj/1tKO/U4SnDk9QX6CA/VEjcp6CjwbXOeDcjmqqLBN13BUerUXn17gtG5N
G9khkBM4IxCoo54EiX5vPxeGTOjOTPF42ca7prORAXE3L/Mdd6nX1UQ0HF8YrsjJ
igzLyAasL0MtVfHCiSeqEdT/EhBL97a6ROVDmxsNmFTmdA8vCW4JG/EsP3ku0tYH
ffs7LjNgsherxvMKamgNMUI+quzUEDNbA85zdSR3s9apsX1iENdBFr8vVYT1mbVw
pnVE56TOJ3MyonY/EWZ8
=/5S/
-----END PGP SIGNATURE-----

--- End Message ---