Bug#779863: marked as done (unblock: bibtool/2.57+ds-3)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Thu, 05 Mar 2015 22:20:48 +0100
with message-id <54F8C8B0.8080501@thykier.net>
and subject line Re: Bug#779863: unblock: bibtool/2.57+ds-3
has caused the Debian Bug report #779863,
regarding unblock: bibtool/2.57+ds-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
779863: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779863
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: bibtool/2.57+ds-3
• From: Moritz Muehlenhoff <jmm@debian.org>
• Date: Thu, 05 Mar 2015 18:59:39 +0100
• Message-id: <[🔎] 20150305175939.7857.37362.reportbug@pisco.westfalen.local>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package bibtool. It fixes a buffer overflow w/o
CVE ID.

unblock bibtool/2.57+ds-3

debdiff:

diff -Nru bibtool-2.57+ds/debian/changelog bibtool-2.57+ds/debian/changelog
--- bibtool-2.57+ds/debian/changelog	2014-10-22 01:46:28.000000000 +0200
+++ bibtool-2.57+ds/debian/changelog	2015-03-04 13:13:27.000000000 +0100
@@ -1,3 +1,9 @@
+bibtool (2.57+ds-3) unstable; urgency=medium
+
+  * buffer overflow security fix (Closes: #779573).
+
+ -- Jerome Benoit <calculus@rezozer.net>  Wed, 04 Mar 2015 07:28:23 +0000
+
 bibtool (2.57+ds-2) unstable; urgency=medium
 
   * fix location of documentation for texdoc
diff -Nru bibtool-2.57+ds/debian/gbp.conf bibtool-2.57+ds/debian/gbp.conf
--- bibtool-2.57+ds/debian/gbp.conf	1970-01-01 01:00:00.000000000 +0100
+++ bibtool-2.57+ds/debian/gbp.conf	2015-03-04 13:13:27.000000000 +0100
@@ -0,0 +1,2 @@
+[DEFAULT]
+debian-branch=jessie
diff -Nru bibtool-2.57+ds/debian/patches/security_fix-heap_buffer_overflow.patch bibtool-2.57+ds/debian/patches/security_fix-heap_buffer_overflow.patch
--- bibtool-2.57+ds/debian/patches/security_fix-heap_buffer_overflow.patch	1970-01-01 01:00:00.000000000 +0100
+++ bibtool-2.57+ds/debian/patches/security_fix-heap_buffer_overflow.patch	2015-03-04 13:13:27.000000000 +0100
@@ -0,0 +1,31 @@
+Description: security fix: heap buffer overflow
+ Minimal version extracted by hand from uptream commits
+ c6ed92c556f28ca2c738972c647486f9e11424bf
+ and f23adeeb58e64a9e73b0f38c87684a2ce488feed
+ at https://github.com/ge-ne/bibtool/.
+Origin: upstream maintainer
+Author: Gerd Neugebauer <gene@gerd-neugebauer.de>
+Last-Update: 2015-03-04
+
+--- a/print.c
++++ b/print.c
+@@ -269,7 +269,7 @@
+ 	  save_ptr = s;				   /*                        */
+  						   /*                        */
+ 	for(ptr = s;				   /* Search next newline    */
+-	    ptr <= save_ptr && *ptr != '\n';	   /*  or end of region      */
++	    ptr < save_ptr && *ptr != '\n';	   /*  or end of region      */
+ 	    ptr++) {}				   /*                        */
+  						   /*                        */
+ 	if ( *ptr == '\n' )			   /*                        */
+--- a/rewrite.c
++++ b/rewrite.c
+@@ -304,7 +304,7 @@
+     DebugPrint2("field   = ",field);	   	   /*			     */
+     (void)SParseSkip(&s);			   /*                        */
+ 						   /*			     */
+-    if ( stackp > stacksize )			   /*                        */
++    if ( stackp >= stacksize )			   /*                        */
+     { stacksize += 8;				   /*                        */
+       if ( (stack=(Uchar**)realloc((char*)stack,   /*                        */
+ 				  stacksize*sizeof(char*)))==NULL)/*         */
diff -Nru bibtool-2.57+ds/debian/patches/series bibtool-2.57+ds/debian/patches/series
--- bibtool-2.57+ds/debian/patches/series	2014-10-22 01:46:28.000000000 +0200
+++ bibtool-2.57+ds/debian/patches/series	2015-03-04 13:13:27.000000000 +0100
@@ -1,3 +1,4 @@
+security_fix-heap_buffer_overflow.patch
 cleanup-upstream.patch
 rationalization-upstream-doc.patch
 secure-upstream-doc.patch


-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

--- End Message ---

--- Begin Message ---

• To: Moritz Muehlenhoff <jmm@debian.org>, 779863-done@bugs.debian.org
• Subject: Re: Bug#779863: unblock: bibtool/2.57+ds-3
• From: Niels Thykier <niels@thykier.net>
• Date: Thu, 05 Mar 2015 22:20:48 +0100
• Message-id: <54F8C8B0.8080501@thykier.net>
• In-reply-to: <[🔎] 20150305175939.7857.37362.reportbug@pisco.westfalen.local>
• References: <[🔎] 20150305175939.7857.37362.reportbug@pisco.westfalen.local>

On 2015-03-05 18:59, Moritz Muehlenhoff wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package bibtool. It fixes a buffer overflow w/o
> CVE ID.
> 
> unblock bibtool/2.57+ds-3
> 
> debdiff:
> 
> [...]

Unblocked, thanks.

~Niels

--- End Message ---