Your message dated Wed, 12 Nov 2014 21:58:04 +0100 with message-id <20141112205804.GD2077@betterave.cristau.org> and subject line Re: Bug#769285: unblock aircrack-ng/1:1.2-0~beta3-2 has caused the Debian Bug report #769285, regarding unblock aircrack-ng/1:1.2-0~beta3-3 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
769285: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769285
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock aircrack-ng/1:1.2-0~beta3-2
- From: Carlos Alberto Lopez Perez <clopez@igalia.com>
- Date: Wed, 12 Nov 2014 13:56:20 +0100
- Message-id: <546358F4.8040107@igalia.com>
Subject: unblock: aircrack-ng/1:1.2-0~beta3-2
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock
Severity: important
X-Debbugs-CC: carnil@debian.org

Please unblock package aircrack-ng

It fixes 4 security vulnerabilities. (#767979)

https://security-tracker.debian.org/tracker/CVE-2014-8321
https://security-tracker.debian.org/tracker/CVE-2014-8322
https://security-tracker.debian.org/tracker/CVE-2014-8323
https://security-tracker.debian.org/tracker/CVE-2014-8324

Attached is the debdiff against the package in testing.

unblock aircrack-ng/1:1.2-0~beta3-2

diff -Nru aircrack-ng-1.2-0~beta3/debian/changelog aircrack-ng-1.2-0~beta3/debian/changelog --- aircrack-ng-1.2-0~beta3/debian/changelog 2014-05-30 19:40:13.000000000 +0200 +++ aircrack-ng-1.2-0~beta3/debian/changelog 2014-11-12 00:16:47.000000000 +0100 @@ -1,3 +1,14 @@ +aircrack-ng (1:1.2-0~beta3-2) unstable; urgency=high + + * Fix the following security vulnerabilities: (Closes: #767979) + * CVE-2014-8321 - GPS stack overflow. + * CVE-2014-8322 - tcp_test stack overflow. + * CVE-2014-8323 - buddy-ng missing checkin data format. + * CVE-2014-8324 - net_get missing check for invalid values. + * Add missing dh-python package to Build-Depends. + + -- Carlos Alberto Lopez Perez <clopez@igalia.com> Tue, 11 Nov 2014 23:41:52 +0100 + aircrack-ng (1:1.2-0~beta3-1) unstable; urgency=low * New upstream release. diff -Nru aircrack-ng-1.2-0~beta3/debian/control aircrack-ng-1.2-0~beta3/debian/control --- aircrack-ng-1.2-0~beta3/debian/control 2014-05-30 18:39:20.000000000 +0200 +++ aircrack-ng-1.2-0~beta3/debian/control 2014-11-12 00:15:54.000000000 +0100
@@ -5,6 +5,7 @@ Homepage: http://www.aircrack-ng.org/ Build-Depends: debhelper (>= 9), + dh-python, libgcrypt20-dev | libgcrypt11-dev, libnl-genl-3-dev [linux-any], libpcap0.8-dev, diff -Nru aircrack-ng-1.2-0~beta3/debian/patches/004-CVE-2014-8321.diff aircrack-ng-1.2-0~beta3/debian/patches/004-CVE-2014-8321.diff --- aircrack-ng-1.2-0~beta3/debian/patches/004-CVE-2014-8321.diff 1970-01-01 01:00:00.000000000 +0100 +++ aircrack-ng-1.2-0~beta3/debian/patches/004-CVE-2014-8321.diff 2014-11-11 23:52:09.000000000 +0100 @@ -0,0 +1,26 @@ +From ff70494dd389ba570dbdbf36f217c28d4381c6b5 Mon Sep 17 00:00:00 2001 +From: Thomas d'Otreppe <tdotreppe@aircrack-ng.org> +Date: Fri, 3 Oct 2014 01:51:21 +0000 +Subject: [PATCH] Airodump-ng: Fixed GPS stack overflow (Closes #13 on GitHub). + +git-svn-id: http://svn.aircrack-ng.org/trunk@2416 28c6078b-6c39-48e3-add9-af49d547ecab +--- + src/airodump-ng.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/airodump-ng.c b/src/airodump-ng.c +index 6cec912..222492c 100644 +--- a/src/airodump-ng.c ++++ b/src/airodump-ng.c +@@ -4497,7 +4497,7 @@ void gps_tracker( void ) + } + + // New version, JSON +- if( recv( gpsd_sock, line + pos, sizeof( line ) - 1, 0 ) <= 0 ) ++ if( recv( gpsd_sock, line + pos, sizeof( line ) - pos - 1, 0 ) <= 0 ) + return; + + // search for TPV class: {"class":"TPV" +-- +2.0.0.rc2 + diff -Nru aircrack-ng-1.2-0~beta3/debian/patches/005-CVE-2014-8322.diff aircrack-ng-1.2-0~beta3/debian/patches/005-CVE-2014-8322.diff --- aircrack-ng-1.2-0~beta3/debian/patches/005-CVE-2014-8322.diff 1970-01-01 01:00:00.000000000 +0100 +++ aircrack-ng-1.2-0~beta3/debian/patches/005-CVE-2014-8322.diff 2014-11-11 23:52:57.000000000 +0100 
@@ -0,0 +1,27 @@ +From 091b153f294b9b695b0b2831e65936438b550d7b Mon Sep 17 00:00:00 2001 +From: Thomas d'Otreppe <tdotreppe@aircrack-ng.org> +Date: Fri, 3 Oct 2014 01:53:50 +0000 +Subject: [PATCH] Aireplay-ng: Fixed tcp_test stack overflow (Closes #14 on + GitHub). + +git-svn-id: http://svn.aircrack-ng.org/trunk@2417 28c6078b-6c39-48e3-add9-af49d547ecab +--- + src/aireplay-ng.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/aireplay-ng.c b/src/aireplay-ng.c +index 7335442..b397015 100644 +--- a/src/aireplay-ng.c ++++ b/src/aireplay-ng.c +@@ -5398,6 +5398,8 @@ int tcp_test(const char* ip_str, const short port) + if( (unsigned)caplen == sizeof(nh)) + { + len = ntohl(nh.nh_len); ++ if (len > 1024 || len < 0) ++ continue; + if( nh.nh_type == 1 && i==0 ) + { + i=1; +-- +2.0.0.rc2 + diff -Nru aircrack-ng-1.2-0~beta3/debian/patches/006-CVE-2014-8323.diff aircrack-ng-1.2-0~beta3/debian/patches/006-CVE-2014-8323.diff --- aircrack-ng-1.2-0~beta3/debian/patches/006-CVE-2014-8323.diff 1970-01-01 01:00:00.000000000 +0100 +++ aircrack-ng-1.2-0~beta3/debian/patches/006-CVE-2014-8323.diff 2014-11-11 23:53:42.000000000 +0100 
@@ -0,0 +1,26 @@ +From da087238963c1239fdabd47dc1b65279605aca70 Mon Sep 17 00:00:00 2001 +From: Thomas d'Otreppe <tdotreppe@aircrack-ng.org> +Date: Fri, 3 Oct 2014 01:58:02 +0000 +Subject: [PATCH] Buddy-ng: Fixed segmentation fault (Closes #15 on GitHub). + +git-svn-id: http://svn.aircrack-ng.org/trunk@2418 28c6078b-6c39-48e3-add9-af49d547ecab +--- + src/buddy-ng.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/buddy-ng.c b/src/buddy-ng.c +index 8a7927c..8da8996 100644 +--- a/src/buddy-ng.c ++++ b/src/buddy-ng.c +@@ -83,6 +83,8 @@ int handle(int s, unsigned char* data, int len, struct sockaddr_in *s_in) + *cmd++ = htons(S_CMD_PACKET); + *cmd++ = *pid; + plen = len - 2; ++ if (plen < 0) ++ return 0; + + last_id = ntohs(*pid); + if (last_id > 20000) +-- +2.0.0.rc2 + diff -Nru aircrack-ng-1.2-0~beta3/debian/patches/007-CVE-2014-8324.diff aircrack-ng-1.2-0~beta3/debian/patches/007-CVE-2014-8324.diff --- aircrack-ng-1.2-0~beta3/debian/patches/007-CVE-2014-8324.diff 1970-01-01 01:00:00.000000000 +0100 +++ aircrack-ng-1.2-0~beta3/debian/patches/007-CVE-2014-8324.diff 2014-11-11 23:54:55.000000000 +0100 
@@ -0,0 +1,27 @@ +From 88702a3ce4c28a973bf69023cd0312f412f6193e Mon Sep 17 00:00:00 2001 +From: Thomas d'Otreppe <tdotreppe@aircrack-ng.org> +Date: Fri, 3 Oct 2014 02:00:34 +0000 +Subject: [PATCH] OSdep: Fixed segmentation fault that happens with a malicious + server sending a negative length (Closes #16 on GitHub). + +git-svn-id: http://svn.aircrack-ng.org/trunk@2419 28c6078b-6c39-48e3-add9-af49d547ecab +--- + src/osdep/network.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/osdep/network.c b/src/osdep/network.c +index 4f0f8b2..4ebfaf4 100644 +--- a/src/osdep/network.c ++++ b/src/osdep/network.c +@@ -131,7 +131,7 @@ int net_get(int s, void *arg, int *len) + if (!(plen <= *len)) + printf("PLEN %d type %d len %d\n", + plen, nh.nh_type, *len); +- assert(plen <= *len); /* XXX */ ++ assert(plen <= *len && plen > 0); /* XXX */ + + *len = plen; + if ((*len) && (net_read_exact(s, arg, *len) == -1)) +-- +2.0.0.rc2 + diff -Nru aircrack-ng-1.2-0~beta3/debian/patches/series aircrack-ng-1.2-0~beta3/debian/patches/series --- aircrack-ng-1.2-0~beta3/debian/patches/series 2014-05-20 20:31:44.000000000 +0200 +++ aircrack-ng-1.2-0~beta3/debian/patches/series 2014-11-11 23:59:00.000000000 +0100 @@ -2,3 +2,7 @@ 001-Airodump_whitespace_oui.diff 002-fix-libnl-detection.diff 003-dont-abort-libnl-nolinux.diff +004-CVE-2014-8321.diff +005-CVE-2014-8322.diff +006-CVE-2014-8323.diff +007-CVE-2014-8324.diffAttachment: signature.asc
Description: OpenPGP digital signature
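Review bot: In the gps_tracker() hunk of 004-CVE-2014-8321.diff, the new length `sizeof( line ) - pos - 1` is evaluated as an unsigned size, so it is only safe while pos stays below sizeof( line ) - 1, and nothing in the visible lines bounds pos before the call. If pos ever reaches sizeof( line ), the subtraction wraps to a very large length and the overflow returns; at pos == sizeof( line ) - 1 the call requests zero bytes and the `<= 0` test returns as though the socket had failed. Suggest an explicit check of pos against sizeof( line ) - 1 ahead of the recv(), with a defined action (reset pos or bail out) when the buffer is full.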
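Review bot: In the tcp_test() hunk of 005-CVE-2014-8322.diff, the bound in `if (len > 1024 || len < 0)` is a bare constant; it should be expressed against the buffer that len is later used with (a sizeof on that buffer, or a shared #define) so the check cannot drift from the allocation. The `len < 0` half only has an effect if len is declared as a signed type, since ntohl() returns an unsigned 32-bit value; the declaration is outside the hunk and is worth confirming. The added lines also use `if (` spacing where the surrounding code uses `if(`.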
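Review bot: In the handle() hunk of 006-CVE-2014-8323.diff, the new `plen < 0` test is placed after `*cmd++ = *pid;`, so if pid points into data (its definition is outside the hunk), a packet with len below 2 has already had *pid read by the time it is rejected. Suggest validating len before the first dereference in this branch, for example `if (len < 2) return 0;` ahead of the `*cmd++` lines, and then computing plen.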
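Review bot: In the net_get() hunk of 007-CVE-2014-8324.diff, a length supplied by the remote side is validated with assert(), which is compiled out when NDEBUG is defined and otherwise aborts the process, so the malicious-server case named in the commit subject either skips the check or can still terminate the client. Suggest replacing it with an explicit range test that returns an error to the caller. Also, `plen > 0` now rejects a zero-length packet, while the following `if ((*len) && ...` shows that a zero length was previously handled; `plen >= 0` looks like the intended lower bound.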
--- End Message ---
--- Begin Message ---
- To: Carlos Alberto Lopez Perez <clopez@igalia.com>, 769285-done@bugs.debian.org
- Subject: Re: Bug#769285: unblock aircrack-ng/1:1.2-0~beta3-2
- From: Julien Cristau <jcristau@debian.org>
- Date: Wed, 12 Nov 2014 21:58:04 +0100
- Message-id: <20141112205804.GD2077@betterave.cristau.org>
- In-reply-to: <5463A5A7.6030606@igalia.com>
- References: <546358F4.8040107@igalia.com> <20141112130953.GC22041@mraw.org> <546360EE.90208@igalia.com> <20141112163844.GA2077@betterave.cristau.org> <5463A5A7.6030606@igalia.com>
On Wed, Nov 12, 2014 at 19:23:35 +0100, Carlos Alberto Lopez Perez wrote:

> Please unblock aircrack-ng/1:1.2-0~beta3-3

That code doesn't inspire any sort of confidence...

Unblocked.

Cheers,
Julien

Attachment: signature.asc
Description: Digital signature
--- End Message ---