Bug#768249: unblock: konversation/1.5-2
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package konversation
To fix
https://security-tracker.debian.org/tracker/CVE-2014-8483
I backported a fix from upstream
unblock konversation/1.5-2
-- System Information:
Debian Release: jessie/sid
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable'), (110,
'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores)
diff -Nru konversation-1.5/debian/changelog konversation-1.5/debian/changelog
--- konversation-1.5/debian/changelog 2014-02-22 17:19:37.000000000 -0800
+++ konversation-1.5/debian/changelog 2014-11-05 14:02:01.000000000 -0800
@@ -1,3 +1,11 @@
+konversation (1.5-2) unstable; urgency=medium
+
+ * Backport fix for CVE-2014-8483 in cve-2014-8483.patch
+ See https://security-tracker.debian.org/tracker/CVE-2014-8483
+ (Closes: #768191)
+
+ -- Diane Trout <diane@ghic.org> Wed, 05 Nov 2014 22:47:53 +0100
+
konversation (1.5-1) unstable; urgency=medium
* New upstream release
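Review bot: the 1.5-2 changelog entry names CVE-2014-8483 and the patch file but never says what the bug is. The patch header in this same upload describes it as a crash on malformed input caused by a missing bounds check on ECB blocks; a short phrase to that effect in the entry would let someone reading the changelog alone judge the fix. The entry is also marked urgency=medium, so check that this matches how quickly the fix is expected to migrate.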
diff -Nru konversation-1.5/debian/patches/cve-2014-8483.patch konversation-1.5/debian/patches/cve-2014-8483.patch
--- konversation-1.5/debian/patches/cve-2014-8483.patch 1969-12-31 16:00:00.000000000 -0800
+++ konversation-1.5/debian/patches/cve-2014-8483.patch 2014-11-05 12:21:25.000000000 -0800
@@ -0,0 +1,49 @@
+Origin: http://quickgit.kde.org/?p=konversation.git&a=commit&h=1f55cee8b3d0956adc98834f7b5832e48e077ed7
+Bug: https://bugs.kde.org/show_bug.cgi?id=210792
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768191
+Description: Do a bounds check on ECB blocks.
+ Backport fix for CVE-2014-8483
+ https://security-tracker.debian.org/tracker/CVE-2014-8483
+ .
+ Blindly assuming they're the expected 12 chars can lead to a crash
+ on malformed input.
+ .
+ Original patch by Manuel Nickschas for Quassel, who incorporated
+ the original Konversation code into Quassel in 2009.
+
+--- a/src/cipher.cpp
++++ b/src/cipher.cpp
+@@ -353,8 +353,12 @@
+ }
+ else
+ {
++ // ECB Blowfish encodes in blocks of 12 chars, so anything else is malformed input
++ if ((temp.length() % 12) != 0)
++ return cipherText;
++
+ temp = b64ToByte(temp);
+- while((temp.length() % 8) != 0) temp.append('\0');
++ while ((temp.length() % 8) != 0) temp.append('\0');
+ }
+
+ QCA::Direction dir = (direction) ? QCA::Encode : QCA::Decode;
+@@ -362,11 +366,17 @@
+ QByteArray temp2 = cipher.update(QCA::MemoryRegion(temp)).toByteArray();
+ temp2 += cipher.final().toByteArray();
+
+- if(!cipher.ok())
++ if (!cipher.ok())
+ return cipherText;
+
+- if(direction)
++ if (direction)
++ {
++ // Sanity check
++ if ((temp2.length() % 8) != 0)
++ return cipherText;
++
+ temp2 = byteToB64(temp2);
++ }
+
+ return temp2;
+ }
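Review bot: the embedded cipher.cpp patch mixes whitespace-only changes with the fix. The edits `while(` to `while (`, `if(!cipher.ok())` to `if (!cipher.ok())` and `if(direction)` to `if (direction)` change no behaviour and make a freeze-time diff larger than the two checks it actually adds. If they are carried over from the upstream commit named in Origin, say so in the Description; otherwise drop them so the backport consists only of the `% 12` check before b64ToByte and the `% 8` check before byteToB64. Two smaller points: an empty `temp` also passes `(temp.length() % 12) != 0`, so confirm the following b64ToByte call and cipher update cope with zero-length input; and the `// Sanity check` comment should state what it guards, as the comment on the `% 12` check does.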
diff -Nru konversation-1.5/debian/patches/series konversation-1.5/debian/patches/series
--- konversation-1.5/debian/patches/series 2014-02-22 10:28:08.000000000 -0800
+++ konversation-1.5/debian/patches/series 2014-11-05 10:45:52.000000000 -0800
@@ -1,2 +1,3 @@
+cve-2014-8483.patch
debian_dbug_autoreplace.diff
debian_channel.diff
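Review bot: cve-2014-8483.patch is inserted at the top of series rather than appended, so it is applied before debian_dbug_autoreplace.diff and debian_channel.diff. That ordering is reasonable for an upstream backport, but confirm that the two existing patches still apply on top of it without fuzz or offsets.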