Bug#719642: marked as done (pu: samba/2:3.6.6-6+deb7u1)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sun, 08 Sep 2013 21:02:33 +0000
with message-id <E1VIm7t-0004es-6o@franck.debian.org>
and subject line Bug#719642: fixed in libmodplug 1:0.8.8.1-1+squeeze2+git20130828
has caused the Debian Bug report #719642,
regarding pu: samba/2:3.6.6-6+deb7u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
719642: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719642
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: pu: samba/2:3.6.6-6+deb7u1
• From: Ivo De Decker <ivo.dedecker@ugent.be>
• Date: Tue, 13 Aug 2013 21:47:33 +0200
• Message-id: <20130813194731.GA10666@ugent.be>

Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org@packages.debian.org
Usertags: pu

Dear release team,

The Samba Team released a security update with a fix for CVE-2013-4124. Please
accept the attached patch for wheezy.

Thanks in advance.

Cheers,

Ivo

diff -Nru samba-3.6.6/debian/changelog samba-3.6.6/debian/changelog
--- samba-3.6.6/debian/changelog	2013-04-15 23:56:50.000000000 +0200
+++ samba-3.6.6/debian/changelog	2013-08-13 21:10:11.000000000 +0200
@@ -1,3 +1,11 @@
+samba (2:3.6.6-6+deb7u1) wheezy; urgency=low
+
+  * Security update
+  * CVE-2013-4124: Denial of service - CPU loop and memory allocation
+    Closes: #718781
+
+ -- Ivo De Decker <ivo.dedecker@ugent.be>  Tue, 13 Aug 2013 21:10:11 +0200
+
 samba (2:3.6.6-6) unstable; urgency=low
 
   * Team upload.
diff -Nru samba-3.6.6/debian/patches/security-CVE-2013-4124.patch samba-3.6.6/debian/patches/security-CVE-2013-4124.patch
--- samba-3.6.6/debian/patches/security-CVE-2013-4124.patch	1970-01-01 01:00:00.000000000 +0100
+++ samba-3.6.6/debian/patches/security-CVE-2013-4124.patch	2013-08-13 16:59:11.000000000 +0200
@@ -0,0 +1,39 @@
+CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause
+server to loop with DOS).
+
+   All current released versions of Samba are vulnerable to a denial of
+   service on an authenticated or guest connection. A malformed packet
+   can cause the smbd server to loop the CPU performing memory
+   allocations and preventing any further service.
+
+   A connection to a file share, or a local account is needed to exploit
+   this problem, either authenticated or unauthenticated if guest
+   connections are allowed.
+
+   This flaw is not exploitable beyond causing the code to loop
+   allocating memory, which may cause the machine to exceed memory
+   limits.
+
+diff -u -r --new-file --exclude .svn --exclude CVS samba-3.6.16/source3/smbd/nttrans.c samba-3.6.17/source3/smbd/nttrans.c
+--- samba-3.6.16/source3/smbd/nttrans.c	2013-06-19 09:35:24.000000000 +0200
++++ samba-3.6.17/source3/smbd/nttrans.c	2013-07-29 20:55:18.000000000 +0200
+@@ -989,7 +989,19 @@
+ 		if (next_offset == 0) {
+ 			break;
+ 		}
++
++		/* Integer wrap protection for the increment. */
++		if (offset + next_offset < offset) {
++			break;
++		}
++
+ 		offset += next_offset;
++
++		/* Integer wrap protection for while loop. */
++		if (offset + 4 < offset) {
++			break;
++		}
++
+ 	}
+ 
+ 	return ea_list_head;
diff -Nru samba-3.6.6/debian/patches/series samba-3.6.6/debian/patches/series
--- samba-3.6.6/debian/patches/series	2013-01-31 20:53:43.000000000 +0100
+++ samba-3.6.6/debian/patches/series	2013-08-13 16:59:11.000000000 +0200
@@ -24,3 +24,4 @@
 0001-ndr-fix-push-pull-DATA_BLOB-with-NDR_NOALIGN.patch
 security-CVE-2013-0213.patch
 security-CVE-2013-0214.patch
+security-CVE-2013-4124.patch

--- End Message ---

--- Begin Message ---

• To: 719642-close@bugs.debian.org
• Subject: Bug#719642: fixed in libmodplug 1:0.8.8.1-1+squeeze2+git20130828
• From: Zed Pobre <zed@debian.org>
• Date: Sun, 08 Sep 2013 21:02:33 +0000
• Message-id: <E1VIm7t-0004es-6o@franck.debian.org>

Source: libmodplug
Source-Version: 1:0.8.8.1-1+squeeze2+git20130828

We believe that the bug you reported is fixed in the latest version of
libmodplug, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 719642@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Zed Pobre <zed@debian.org> (supplier of updated libmodplug package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 02 Sep 2013 22:22:22 -0400
Source: libmodplug
Binary: libmodplug1 libmodplug-dev
Architecture: source all amd64
Version: 1:0.8.8.1-1+squeeze2+git20130828
Distribution: oldstable-security
Urgency: high
Maintainer: Zed Pobre <zed@debian.org>
Changed-By: Zed Pobre <zed@debian.org>
Description: 
 libmodplug-dev - development files for mod music based on ModPlug
 libmodplug1 - shared libraries for mod music based on ModPlug
Closes: 719642
Changes: 
 libmodplug (1:0.8.8.1-1+squeeze2+git20130828) oldstable-security; urgency=high
 .
   * Merge all changes from latest upstream Git repository (0.8.8.4 with
     additional patches), including the following security changes:
     * CVE-2013-4233: fix integer overflow in load_abc.cpp
     * CVE-2013-4234: fix heap overflows in abc_MIDI_drum and abc_MIDI_gchord
   * Closes: #719642
Checksums-Sha1: 
 580dd0b4ddefa22214bede588c9879a68de2bf52 1823 libmodplug_0.8.8.1-1+squeeze2+git20130828.dsc
 2fe235e50c4061544ea2ed483589e7ca50b665f2 45463 libmodplug_0.8.8.1-1+squeeze2+git20130828.diff.gz
 baba5af7330fc302da4e535949edd7db18bedea1 27282 libmodplug-dev_0.8.8.1-1+squeeze2+git20130828_all.deb
 f7e415c9904fee17d719c1af43c2d6bdfdb95f2b 181022 libmodplug1_0.8.8.1-1+squeeze2+git20130828_amd64.deb
Checksums-Sha256: 
 d880162a280bdf6dff07fd8f1213a79f9500e78b10d30c04d1dd5348a32ee4de 1823 libmodplug_0.8.8.1-1+squeeze2+git20130828.dsc
 fc73939b936c8f866560732819ea14a1b455f0f2fcdd2fc20881342d70fea75b 45463 libmodplug_0.8.8.1-1+squeeze2+git20130828.diff.gz
 ea3889820ae3991fb28f77bffa0a5cd8391dd1ac323a283b4f363c2d1055cec9 27282 libmodplug-dev_0.8.8.1-1+squeeze2+git20130828_all.deb
 0f66cb9b9b50c323a253b75faa5a45362231dbc7e2fc2b9dd4afe1dd70f99a9a 181022 libmodplug1_0.8.8.1-1+squeeze2+git20130828_amd64.deb
Files: 
 9c5e9a23385f285b40b02dc55d137f00 1823 libs optional libmodplug_0.8.8.1-1+squeeze2+git20130828.dsc
 1a8e082bb7802085d4cb7b7e123c7281 45463 libs optional libmodplug_0.8.8.1-1+squeeze2+git20130828.diff.gz
 4afd55ecc3b158fd356850c2445bbe82 27282 libdevel optional libmodplug-dev_0.8.8.1-1+squeeze2+git20130828_all.deb
 65f36767a1fbe94dff19363de472af31 181022 libs optional libmodplug1_0.8.8.1-1+squeeze2+git20130828_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJSJUvRAAoJEEj0fFjWHGKDp+QQALA3iX4Zx+n/WrTaZLjtW5U/
CADLGjXybEUCwUG7QfpPQqVvqyP8rst4ImKLZCoAch2cFatUtbGUSXk69bX2GXBE
09D52pOcH9tdf7l1nimYQDRzyn40R83gAPn0lcIYAaeMnWwKHv+4ZKUrtoybMXdt
6luuKURp1tnhQZkA5d4+8z1Lh48y1CL4161POqNAYQlD0SPkiWnucrhwbsw8GewW
F5uWA0FbssyQXcFRxfRhtXMfEsYxle9Y/8xlD9rws52lIM0yfoJWr3w5LaKN8+et
98s8NxDPMgjwJwCSJG/t/u7L8hWU4L/DVerg5iR4N3ee8/9p62BAsDGDdp3indSr
ULXBjnJzWHxHJe07t3FloRmS6cpo99koEdkLnYZaDuJh1VjAurE0GK13NVdW9muN
A2rmHcWbpMg9stm1QVOUUSpXMQYl5BfvbWKCS4dMHxIgZ+KLZfjXAphgmqO30WIK
g9UN8Q+8DfTklANSEmJ6n3ixuIS0ZLe7U3UwsoUdRAZY7L83Cd/7QJABrla/cljS
CD9L0CTO7qpJffkbaEESxyGHzKMXpJ9alkT/dQYoZawESW78YXaon3g8Le3A+4/C
HRQWzGzcPj4ImESWPawXBrNkQDn9e0z6d6/gDzuggRzGVce2xXa7vRSNMAJK3WmT
0ipTMRXd1zmNBhVs4tK4
=d5FL
-----END PGP SIGNATURE-----

--- End Message ---