Bug#769164: unblock: file/1:5.20-2

Package: release.debian.org
Severity: important
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package file.

 * Fixes a security issue, urgency set to high
 * Cherry-pick upstream commit FILE5_20-5-g39c7ac1:
   Fix note bounds reading, Francisco Alonso / Red Hat (CVE-2014-3710).
   Closes: #768806

unblock file/1:5.20-2


Thanks,
Thijs
diff -Nru file-5.20/debian/changelog file-5.20/debian/changelog
--- file-5.20/debian/changelog	2014-10-19 15:07:48.000000000 +0200
+++ file-5.20/debian/changelog	2014-11-09 17:53:20.000000000 +0100
@@ -1,3 +1,12 @@
+file (1:5.20-2) unstable; urgency=high
+
+  * Fixes a security issue, urgency set to high
+  * Cherry-pick upstream commit FILE5_20-5-g39c7ac1:
+    Fix note bounds reading, Francisco Alonso / Red Hat (CVE-2014-3710).
+    Closes: #768806
+
+ -- Christoph Biedl <debian.axhn@manchmal.in-ulm.de>  Sun, 09 Nov 2014 14:46:05 +0100
+
 file (1:5.20-1) unstable; urgency=low
 
   * New upstream version 5.20. Addresses:
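Review bot: the changelog entry describes the change only as "Fixes a security issue" plus the upstream subject line; a reader has to open the patch to learn that this is a missing bounds check in the ELF note parsing of src/readelf.c. Consider naming the affected code and the effect (note header read past the end of the buffer) in the entry itself, e.g. "readelf: check note header fits in buffer before reading it (CVE-2014-3710)", so the security tracker and users can judge the severity without the diff.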
diff -Nru file-5.20/debian/patches/CVE-2014-3710.patch file-5.20/debian/patches/CVE-2014-3710.patch
--- file-5.20/debian/patches/CVE-2014-3710.patch	1970-01-01 01:00:00.000000000 +0100
+++ file-5.20/debian/patches/CVE-2014-3710.patch	2014-11-09 15:20:57.000000000 +0100
@@ -0,0 +1,24 @@
+Subject: Fix note bounds reading, Francisco Alonso / Red Hat
+ID: CVE-2014-3710
+Author: Christos Zoulas <christos@zoulas.com>
+Date: Fri Oct 17 15:49:00 2014 +0000
+Origin:
+    commit 39c7ac1106be844a5296d3eb5971946cc09ffda0
+Last-Update: 2014-11-09
+
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -477,6 +477,13 @@
+ 	uint32_t namesz, descsz;
+ 	unsigned char *nbuf = CAST(unsigned char *, vbuf);
+ 
++	if (xnh_sizeof + offset > size) {
++		/*
++		 * We're out of note headers.
++		 */
++		return xnh_sizeof + offset;
++	}
++
+ 	(void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof);
+ 	offset += xnh_sizeof;
+ 
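Review bot: the guard is placed correctly ahead of the memcpy that copies xnh_sizeof bytes from &nbuf[offset], so a note header that would straddle the end of the buffer is no longer read. One thing to document: the early return hands back `xnh_sizeof + offset`, which is by construction larger than `size`, so every caller's loop must treat an offset beyond `size` as "stop" rather than use it as the next index; a sentence in the comment ("caller sees offset > size and terminates") would make that contract explicit. On the DEP-3 header, `ID:` is not a standard field and `Origin:` carries only a bare commit hash; `Origin: upstream, <commit url>` and a `Bug-Debian: http://bugs.debian.org/768806` line would let tooling link the patch to CVE-2014-3710 and #768806.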
diff -Nru file-5.20/debian/patches/series file-5.20/debian/patches/series
--- file-5.20/debian/patches/series	2014-10-19 12:06:17.000000000 +0200
+++ file-5.20/debian/patches/series	2014-11-09 15:14:12.000000000 +0100
@@ -9,3 +9,4 @@
 0010-mdadm.patch
 0011-btrfs.patch
 0012-lxt.patch
+CVE-2014-3710.patch
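Review bot: the new entry does not follow the numbered naming used by the rest of the series (0010-mdadm.patch, 0011-btrfs.patch, 0012-lxt.patch). Appending it at the end keeps quilt's apply order correct, but naming it 0013-CVE-2014-3710.patch keeps the file consistent and makes the intended order visible in a directory listing.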
