Bug#768249: marked as done (unblock: konversation/1.5-2)

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Subject: Bug#768249: marked as done (unblock: konversation/1.5-2)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Thu, 06 Nov 2014 07:42:25 +0000
Message-id: <[🔎] handler.768249.D768249.141525897428815.ackdone@bugs.debian.org>
References: <aa4dd655730676be2bc683fe2473ac47@mail.adsl.funky-badger.org> <[🔎] 20141106052423.10476.29865.reportbug@myrada.ghic.org>

Your message dated Thu, 06 Nov 2014 07:29:26 +0000
with message-id <aa4dd655730676be2bc683fe2473ac47@mail.adsl.funky-badger.org>
and subject line Re: Bug#768249: unblock: konversation/1.5-2
has caused the Debian Bug report #768249,
regarding unblock: konversation/1.5-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
768249: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768249
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock: konversation/1.5-2
From: Diane Trout <diane@ghic.org>
Date: Wed, 05 Nov 2014 21:24:23 -0800
Message-id: <[🔎] 20141106052423.10476.29865.reportbug@myrada.ghic.org>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package konversation

To fix
https://security-tracker.debian.org/tracker/CVE-2014-8483
I backported a fix from upstream

unblock konversation/1.5-2

-- System Information:
Debian Release: jessie/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable'), (110,
'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores)

diff -Nru konversation-1.5/debian/changelog konversation-1.5/debian/changelog
--- konversation-1.5/debian/changelog	2014-02-22 17:19:37.000000000 -0800
+++ konversation-1.5/debian/changelog	2014-11-05 14:02:01.000000000 -0800
@@ -1,3 +1,11 @@
+konversation (1.5-2) unstable; urgency=medium
+
+  * Backport fix for CVE-2014-8483 in cve-2014-8483.patch
+    See https://security-tracker.debian.org/tracker/CVE-2014-8483
+    (Closes: #768191)
+
+ -- Diane Trout <diane@ghic.org>  Wed, 05 Nov 2014 22:47:53 +0100
+
 konversation (1.5-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru konversation-1.5/debian/patches/cve-2014-8483.patch konversation-1.5/debian/patches/cve-2014-8483.patch
--- konversation-1.5/debian/patches/cve-2014-8483.patch	1969-12-31 16:00:00.000000000 -0800
+++ konversation-1.5/debian/patches/cve-2014-8483.patch	2014-11-05 12:21:25.000000000 -0800
@@ -0,0 +1,49 @@
+Origin: http://quickgit.kde.org/?p=konversation.git&a=commit&h=1f55cee8b3d0956adc98834f7b5832e48e077ed7
+Bug: https://bugs.kde.org/show_bug.cgi?id=210792
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768191
+Description: Do a bounds check on ECB blocks.
+    Backport fix for CVE-2014-8483
+    https://security-tracker.debian.org/tracker/CVE-2014-8483
+    .
+    Blindly assuming they're the expected 12 chars can lead to a crash
+    on malformed input.
+    .
+    Original patch by Manuel Nickschas for Quassel, who incorporated
+    the original Konversation code into Quassel in 2009.
+
+--- a/src/cipher.cpp
++++ b/src/cipher.cpp
+@@ -353,8 +353,12 @@
+         }
+         else
+         {
++        // ECB Blowfish encodes in blocks of 12 chars, so anything else is malformed input
++        if ((temp.length() % 12) != 0)
++            return cipherText;
++
+             temp = b64ToByte(temp);
+-            while((temp.length() % 8) != 0) temp.append('\0');
++            while ((temp.length() % 8) != 0) temp.append('\0');
+         }
+ 
+         QCA::Direction dir = (direction) ? QCA::Encode : QCA::Decode;
+@@ -362,11 +366,17 @@
+         QByteArray temp2 = cipher.update(QCA::MemoryRegion(temp)).toByteArray();
+         temp2 += cipher.final().toByteArray();
+ 
+-        if(!cipher.ok())
++        if (!cipher.ok())
+             return cipherText;
+ 
+-        if(direction)
++        if (direction)
++        {
++            // Sanity check
++            if ((temp2.length() % 8) != 0)
++                return cipherText;
++
+             temp2 = byteToB64(temp2);
++        }
+ 
+         return temp2;
+     }
diff -Nru konversation-1.5/debian/patches/series konversation-1.5/debian/patches/series
--- konversation-1.5/debian/patches/series	2014-02-22 10:28:08.000000000 -0800
+++ konversation-1.5/debian/patches/series	2014-11-05 10:45:52.000000000 -0800
@@ -1,2 +1,3 @@
+cve-2014-8483.patch
 debian_dbug_autoreplace.diff
 debian_channel.diff

--- End Message ---

--- Begin Message ---

To: Diane Trout <diane@ghic.org>, 768249-done@bugs.debian.org

Subject: Re: Bug#768249: unblock: konversation/1.5-2

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Date: Thu, 06 Nov 2014 07:29:26 +0000

Message-id: <aa4dd655730676be2bc683fe2473ac47@mail.adsl.funky-badger.org>

In-reply-to: <[🔎] 20141106052423.10476.29865.reportbug@myrada.ghic.org>

References: <[🔎] 20141106052423.10476.29865.reportbug@myrada.ghic.org>
On 2014-11-06 5:24, Diane Trout wrote:
Please unblock package konversation

To fix
https://security-tracker.debian.org/tracker/CVE-2014-8483
I backported a fix from upstream
Unblocked, thanks.

Regards,

Adam
--- End Message ---

Reply to:

References:
- Bug#768249: unblock: konversation/1.5-2
  - From: Diane Trout <diane@ghic.org>

Prev by Date: Bug#768215: marked as done (unblock: owfs/2.9p8-4)
Next by Date: Bug#767190: unblock: oxygen-gtk3/1.4.1-1
Previous by thread: Bug#768249: unblock: konversation/1.5-2
Next by thread: Bug#768252: unblock: geary/0.8.2-1
Index(es):
- Date
- Thread