
Bug#776615: marked as done (unblock: libssh/0.6.3-4)



Your message dated Fri, 30 Jan 2015 07:49:23 +0100
with message-id <54CB2973.7050300@thykier.net>
and subject line Re: Bug#776615: unblock: libssh/0.6.3-4
has caused the Debian Bug report #776615,
regarding unblock: libssh/0.6.3-4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
776615: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776615
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hello,

I've uploaded libssh 0.6.3-4 that contains a security fix for #773577
(CVE-2014-8132).

Please unblock package libssh

unblock libssh/0.6.3-4

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.18.0-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru libssh-0.6.3/debian/changelog libssh-0.6.3/debian/changelog
--- libssh-0.6.3/debian/changelog	2014-08-30 17:31:23.000000000 +0200
+++ libssh-0.6.3/debian/changelog	2015-01-27 00:28:06.000000000 +0100
@@ -1,3 +1,10 @@
+libssh (0.6.3-4) unstable; urgency=medium
+
+  * Add debian/patches/0001_CVE-2014-8132.patch: Fixup error path in
+    ssh_packet_kexinit() (Closes: #773577, CVE-2014-8132)
+
+ -- Laurent Bigonville <bigon@debian.org>  Tue, 27 Jan 2015 00:28:01 +0100
+
 libssh (0.6.3-3) unstable; urgency=low
 
   [ Sebastian Ramacher ]
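Review bot: In the new 0.6.3-4 entry the CVE id sits inside the `Closes:` parentheses next to the bug number. `Closes:` is for bug numbers, so write the id as a plain reference, for example `(CVE-2014-8132) (Closes: #773577)`, which keeps the bug closure unambiguous and the CVE easy to grep for.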
diff -Nru libssh-0.6.3/debian/patches/0001_CVE-2014-8132.patch libssh-0.6.3/debian/patches/0001_CVE-2014-8132.patch
--- libssh-0.6.3/debian/patches/0001_CVE-2014-8132.patch	1970-01-01 01:00:00.000000000 +0100
+++ libssh-0.6.3/debian/patches/0001_CVE-2014-8132.patch	2015-01-27 00:28:06.000000000 +0100
@@ -0,0 +1,39 @@
+commit 87ae95eb3c2f35d3e8e00eca43d0711ab2737ef5
+Author: Jon Simons <jon@jonsimons.org>
+Date:   Sat Oct 18 23:23:26 2014 -0700
+
+    CVE-2014-8132: Fixup error path in ssh_packet_kexinit()
+    
+    Before this change, dangling pointers can be unintentionally left in the
+    respective next_crypto kex methods slots.  Ensure to set all slots to
+    NULL in the error-out path.
+    
+    Signed-off-by: Jon Simons <jon@jonsimons.org>
+    Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+    (cherry picked from commit 2ced24ddd67a261dc364ad4d8958c068c1671ae7)
+
+diff --git a/src/kex.c b/src/kex.c
+index 563c6a5..fab6bad 100644
+--- a/src/kex.c
++++ b/src/kex.c
+@@ -315,7 +315,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit){
+   for (i = 0; i < KEX_METHODS_SIZE; i++) {
+     str = buffer_get_ssh_string(packet);
+     if (str == NULL) {
+-      break;
++      goto error;
+     }
+ 
+     if (buffer_add_ssh_string(session->in_hashbuf, str) < 0) {
+@@ -350,6 +350,11 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit){
+ error:
+   ssh_string_free(str);
+   for (i = 0; i < SSH_KEX_METHODS; i++) {
++    if (server_kex) {
++        session->next_crypto->client_kex.methods[i] = NULL;
++    } else { /* client */
++        session->next_crypto->server_kex.methods[i] = NULL;
++    }
+     SAFE_FREE(strings[i]);
+   }
+ 
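Review bot: The cleanup loop under `error:` that now clears the methods slots runs to `SSH_KEX_METHODS`, while the parse loop in the first kex.c hunk runs to `KEX_METHODS_SIZE`. If the two constants differ, the cleanup does not cover exactly the slots the parse loop can fill, so use the same bound in both loops or add a comment saying why they differ. Because `break` becomes `goto error` on `str == NULL`, `ssh_string_free(str)` is now reached with a NULL argument and has to tolerate it. The `if (server_kex)` branch clears `client_kex.methods` and the `/* client */` branch clears `server_kex.methods`, with `server_kex` used both as the local flag and as a struct member; a short comment stating which side's list is being reset would make this harder to misread. The added lines are indented by four spaces where the surrounding code uses two.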
diff -Nru libssh-0.6.3/debian/patches/series libssh-0.6.3/debian/patches/series
--- libssh-0.6.3/debian/patches/series	2014-08-30 17:31:23.000000000 +0200
+++ libssh-0.6.3/debian/patches/series	2015-01-27 00:28:06.000000000 +0100
@@ -1,3 +1,4 @@
+0001_CVE-2014-8132.patch
 1001_error-msg-typo-fix.patch
 1003-custom-lib-names.patch
 2002-fix-html-doc-generation.patch

--- End Message ---
--- Begin Message ---
On 2015-01-30 01:09, Laurent Bigonville wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Hello,
> 
> I've uploaded libssh 0.6.3-4 that contains a security fix for #773577
> (CVE-2014-8132).
> 
> Please unblock package libssh
> 
> unblock libssh/0.6.3-4
> 
> [...]

Unblocked, thanks.

~Niels

--- End Message ---
