
Bug#823794: marked as done (jessie-pu: package file/1:5.22+15-2+deb8u2)



Your message dated Sat, 17 Sep 2016 13:08:06 +0100
with message-id <1474114086.2011.126.camel@adam-barratt.org.uk>
and subject line Closing p-u bugs for updates in 8.6
has caused the Debian Bug report #823794,
regarding jessie-pu: package file/1:5.22+15-2+deb8u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
823794: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823794
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Hello release team,

the stable security team suggested to fix CVE-2015-8865¹ in the
file package via a point release.

Description: "Buffer over-write in finfo_open with malformed magic
file". If a magic file is under attacker's control, this can be abused
to crash file.

The debdiff is attached.

Regards,

    Christoph

¹https://security-tracker.debian.org/tracker/CVE-2015-8865

-- System Information:
Debian Release: 8.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.4.9 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

diff -Nru file-5.22+15/debian/changelog file-5.22+15/debian/changelog
--- file-5.22+15/debian/changelog	2015-09-13 18:27:47.000000000 +0200
+++ file-5.22+15/debian/changelog	2016-05-09 08:23:30.000000000 +0200
@@ -1,3 +1,10 @@
+file (1:5.22+15-2+deb8u2) stable; urgency=high
+
+  * Fix CVE-2015-8865:
+    Buffer over-write in finfo_open with malformed magic file.
+
+ -- Christoph Biedl <debian.axhn@manchmal.in-ulm.de>  Mon, 09 May 2016 08:18:53 +0200
+
 file (1:5.22+15-2+deb8u1) stable; urgency=medium
 
   * Fix handling of file's --parameter option. Closes: #798410
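Review bot: The new 1:5.22+15-2+deb8u2 entry identifies the fix only by the CVE title, which names finfo_open, while the change in this upload is made in src/funcs.c through debian/patches/CVE-2015-8865.6713ca4.patch. Suggest naming the added patch file and its upstream origin (FILE5_22-75-g6713ca4) in the entry, so that someone reading the changelog alone can trace which code was changed and where the fix came from.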
diff -Nru file-5.22+15/debian/patches/CVE-2015-8865.6713ca4.patch file-5.22+15/debian/patches/CVE-2015-8865.6713ca4.patch
--- file-5.22+15/debian/patches/CVE-2015-8865.6713ca4.patch	1970-01-01 01:00:00.000000000 +0100
+++ file-5.22+15/debian/patches/CVE-2015-8865.6713ca4.patch	2016-05-09 08:17:17.000000000 +0200
@@ -0,0 +1,24 @@
+Subject: Buffer over-write in finfo_open with malformed magic file
+ID: CVE-2015-8865
+Upstream-Author: Christos Zoulas <christos@zoulas.com>
+Author: Christos Zoulas <christos@zoulas.com>
+Date: Wed Jun 3 18:01:20 2015 +0000
+Origin: FILE5_22-75-g6713ca4
+Origin: https://bugs.php.net/bug.php?id=71527 (Original bug report)
+Origin: http://bugs.gw.com/view.php?id=522 (bug report for file)
+
+    [ Original description: ]
+    PR/454: Fix memory corruption when the continuation level jumps by more than
+    20 in a single step.
+
+--- a/src/funcs.c
++++ b/src/funcs.c
+@@ -401,7 +401,7 @@
+ 	size_t len;
+ 
+ 	if (level >= ms->c.len) {
+-		len = (ms->c.len += 20) * sizeof(*ms->c.li);
++		len = (ms->c.len = 20 + level) * sizeof(*ms->c.li);
+ 		ms->c.li = CAST(struct level_info *, (ms->c.li == NULL) ?
+ 		    malloc(len) :
+ 		    realloc(ms->c.li, len));
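Review bot: On the changed line, ms->c.len is set to 20 + level before the malloc/realloc result is known, and that result is written straight into ms->c.li. If the allocation fails, c.len already claims the larger size and the previous buffer pointer has been overwritten, so the code after this hunk must check ms->c.li for NULL and leave the structure consistent; the context shown ends before any such check, which is worth confirming against the full function. Nothing in the visible lines bounds level either, and the continuation level comes from the magic file, so it should also be confirmed that (20 + level) * sizeof(*ms->c.li) cannot wrap before it reaches realloc. As a style point, the patch header carries two Origin: fields plus ID: and Upstream-Author:, which DEP-3 does not define; the bug report URLs would fit under Bug: fields instead.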
diff -Nru file-5.22+15/debian/patches/series file-5.22+15/debian/patches/series
--- file-5.22+15/debian/patches/series	2015-09-13 18:26:26.000000000 +0200
+++ file-5.22+15/debian/patches/series	2016-05-09 08:10:53.000000000 +0200
@@ -12,3 +12,4 @@
 0013-jpeg.c5d7f4d.patch
 cherry-pick.FILE5_24-22-g27b4e34.parameter-1.patch
 cherry-pick.FILE5_24-23-g4ddb783.parameter-2.patch
+CVE-2015-8865.6713ca4.patch



--- End Message ---
--- Begin Message ---
Version: 8.6

The updates referred to in each of these bugs were included in today's
stable point release.

Regards,

Adam

--- End Message ---
