Bug#771552: marked as done (unblock: tcpdump/4.6.2-3)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sun, 30 Nov 2014 17:06:49 +0000
with message-id <1417367209.2472.31.camel@adam-barratt.org.uk>
and subject line Re: Bug#771552: unblock: tcpdump/4.6.2-3
has caused the Debian Bug report #771552,
regarding unblock: tcpdump/4.6.2-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
771552: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771552
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: tcpdump/4.6.2-3
• From: Romain Francoise <rfrancoise@debian.org>
• Date: Sun, 30 Nov 2014 17:56:50 +0100
• Message-id: <[🔎] 20141130165650.24084.32277.reportbug@silenus.orebokech.com>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Dear Release Team,

Please unblock tcpdump 4.6.2-3, it fixes a security vulnerability in the
PPP dissector known as CVE-2014-9140.

Full debdiff attached

unblock tcpdump/4.6.2-3

diffstat for tcpdump-4.6.2 tcpdump-4.6.2

 changelog                     |    7 +++++
 patches/60_cve-2014-9140.diff |   50 ++++++++++++++++++++++++++++++++++++++++++
 patches/series                |    1 
 3 files changed, 58 insertions(+)

diff -Nru tcpdump-4.6.2/debian/changelog tcpdump-4.6.2/debian/changelog
--- tcpdump-4.6.2/debian/changelog	2014-11-22 11:48:11.000000000 +0100
+++ tcpdump-4.6.2/debian/changelog	2014-11-29 12:24:11.000000000 +0100
@@ -1,3 +1,10 @@
+tcpdump (4.6.2-3) unstable; urgency=high
+
+  * Cherry-pick commit 0f95d441e4 from upstream Git to fix a buffer overflow
+    in the PPP dissector (CVE-2014-9140).
+
+ -- Romain Francoise <rfrancoise@debian.org>  Sat, 29 Nov 2014 12:23:53 +0100
+
 tcpdump (4.6.2-2) unstable; urgency=high
 
   * Urgency high due to security fixes.
diff -Nru tcpdump-4.6.2/debian/patches/60_cve-2014-9140.diff tcpdump-4.6.2/debian/patches/60_cve-2014-9140.diff
--- tcpdump-4.6.2/debian/patches/60_cve-2014-9140.diff	1970-01-01 01:00:00.000000000 +0100
+++ tcpdump-4.6.2/debian/patches/60_cve-2014-9140.diff	2014-11-29 12:15:29.000000000 +0100
@@ -0,0 +1,50 @@
+commit 0f95d441e4b5d7512cc5c326c8668a120e048eda
+Author: Guy Harris <guy@alum.mit.edu>
+Date:   Wed Oct 22 12:31:21 2014 -0700
+
+    Do bounds checking when unescaping PPP.
+    
+    Clean up a const issue while we're at it.
+
+diff --git a/print-ppp.c b/print-ppp.c
+index 8e098f0..9a983e6 100644
+--- a/print-ppp.c
++++ b/print-ppp.c
+@@ -1351,14 +1351,15 @@ static void
+ ppp_hdlc(netdissect_options *ndo,
+          const u_char *p, int length)
+ {
+-	u_char *b, *s, *t, c;
++	u_char *b, *t, c;
++	const u_char *s;
+ 	int i, proto;
+ 	const void *se;
+ 
+         if (length <= 0)
+                 return;
+ 
+-	b = (uint8_t *)malloc(length);
++	b = (u_char *)malloc(length);
+ 	if (b == NULL)
+ 		return;
+ 
+@@ -1367,14 +1368,13 @@ ppp_hdlc(netdissect_options *ndo,
+ 	 * Do this so that we dont overwrite the original packet
+ 	 * contents.
+ 	 */
+-	for (s = (u_char *)p, t = b, i = length; i > 0; i--) {
++	for (s = p, t = b, i = length; i > 0 && ND_TTEST(*s); i--) {
+ 		c = *s++;
+ 		if (c == 0x7d) {
+-			if (i > 1) {
+-				i--;
+-				c = *s++ ^ 0x20;
+-			} else
+-				continue;
++			if (i <= 1 || !ND_TTEST(*s))
++				break;
++			i--;
++			c = *s++ ^ 0x20;
+ 		}
+ 		*t++ = c;
+ 	}
diff -Nru tcpdump-4.6.2/debian/patches/series tcpdump-4.6.2/debian/patches/series
--- tcpdump-4.6.2/debian/patches/series	2014-11-22 11:38:26.000000000 +0100
+++ tcpdump-4.6.2/debian/patches/series	2014-11-29 12:19:11.000000000 +0100
@@ -7,3 +7,4 @@
 60_cve-2014-8767.diff
 60_cve-2014-8768.diff
 60_cve-2014-8769.diff
+60_cve-2014-9140.diff

--- End Message ---

--- Begin Message ---

• To: Romain Francoise <rfrancoise@debian.org>, 771552-done@bugs.debian.org
• Subject: Re: Bug#771552: unblock: tcpdump/4.6.2-3
• From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
• Date: Sun, 30 Nov 2014 17:06:49 +0000
• Message-id: <1417367209.2472.31.camel@adam-barratt.org.uk>
• In-reply-to: <[🔎] 20141130165650.24084.32277.reportbug@silenus.orebokech.com>
• References: <[🔎] 20141130165650.24084.32277.reportbug@silenus.orebokech.com>

On Sun, 2014-11-30 at 17:56 +0100, Romain Francoise wrote:
> Please unblock tcpdump 4.6.2-3, it fixes a security vulnerability in the
> PPP dissector known as CVE-2014-9140.

Unblocked.

Regards,

Adam

--- End Message ---