
Bug#853264: marked as done (unblock: wavpack/5.0.0-2)



Your message dated Fri, 03 Feb 2017 17:00:00 +0000
with message-id <0a089484-a529-9e8a-d4b1-afa0954d3c37@thykier.net>
and subject line Re: Bug#853264: unblock: wavpack/5.0.0-2
has caused the Debian Bug report #853264,
regarding unblock: wavpack/5.0.0-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
853264: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853264
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package wavpack. 5.0.0-2 fixes CVE-2016-10169, CVE-2016-10170,
CVE-2016-10171 and CVE-2016-10172 by simply applying upstream's patch for the
CVEs.

unblock wavpack/5.0.0-2

-- System Information:
Debian Release: 9.0
  APT prefers unstable-debug
  APT policy: (650, 'unstable-debug'), (650, 'buildd-unstable'), (650, 'unstable'), (601, 'testing'), (600, 'experimental-debug'), (600, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- 
Sebastian Ramacher
diff --git a/debian/changelog b/debian/changelog
index 18586f6..3cc049a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+wavpack (5.0.0-2) unstable; urgency=medium
+
+  * Team upload.
+  * debian/patches: Apply upstream fix to fix some fuzz failures
+    (CVE-2016-10169, CVE-2016-10170, CVE-2016-10171, CVE-2016-10172). (Closes:
+    #853076)
+
+ -- Sebastian Ramacher <sramacher@debian.org>  Mon, 30 Jan 2017 21:04:05 +0100
+
 wavpack (5.0.0-1) unstable; urgency=medium
 
   * Team upload.
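Review bot: the new 5.0.0-2 bullet says only "Apply upstream fix" and names neither the upstream commit nor the file under debian/patches that carries it. Naming fixes-for-4-fuzz-failures-posted-to-SourceForge-mail.patch, or the upstream commit it was taken from, in the bullet would let someone auditing the four CVEs get from the changelog to the code change without opening the diff.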
diff --git a/debian/patches/fixes-for-4-fuzz-failures-posted-to-SourceForge-mail.patch b/debian/patches/fixes-for-4-fuzz-failures-posted-to-SourceForge-mail.patch
new file mode 100644
index 0000000..62346c7
--- /dev/null
+++ b/debian/patches/fixes-for-4-fuzz-failures-posted-to-SourceForge-mail.patch
@@ -0,0 +1,52 @@
+From 4bc05fc490b66ef2d45b1de26abf1455b486b0dc Mon Sep 17 00:00:00 2001
+From: David Bryant <david@wavpack.com>
+Date: Wed, 21 Dec 2016 22:18:36 -0800
+Subject: [PATCH] fixes for 4 fuzz failures posted to SourceForge mailing list
+
+---
+ src/open_utils.c | 6 +++++-
+ src/read_words.c | 4 ++++
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/open_utils.c b/src/open_utils.c
+index 7519f99..a844046 100644
+--- a/src/open_utils.c
++++ b/src/open_utils.c
+@@ -560,7 +560,7 @@ static int read_new_config_info (WavpackContext *wpc, WavpackMetadata *wpmd)
+ 
+     // if there's any data, the first two bytes are file_format and qmode flags
+ 
+-    if (bytecnt) {
++    if (bytecnt >= 2) {
+         wpc->file_format = *byteptr++;
+         wpc->config.qmode = (wpc->config.qmode & ~0xff) | *byteptr++;
+         bytecnt -= 2;
+@@ -593,6 +593,10 @@ static int read_new_config_info (WavpackContext *wpc, WavpackMetadata *wpmd)
+                         for (i = 0; i < nchans; ++i)
+                             if (bytecnt) {
+                                 wpc->channel_reordering [i] = *byteptr++;
++
++                                if (wpc->channel_reordering [i] >= nchans)  // make sure index is in range
++                                    wpc->channel_reordering [i] = 0;
++
+                                 bytecnt--;
+                             }
+                             else
+diff --git a/src/read_words.c b/src/read_words.c
+index 62acac3..a537bfa 100644
+--- a/src/read_words.c
++++ b/src/read_words.c
+@@ -288,6 +288,10 @@ int32_t FASTCALL get_word (WavpackStream *wps, int chan, int32_t *correction)
+ 
+     low &= 0x7fffffff;
+     high &= 0x7fffffff;
++
++    if (low > high)         // make sure high and low make sense
++        high = low;
++
+     mid = (high + low + 1) >> 1;
+ 
+     if (!c->error_limit)
+-- 
+2.11.0
+
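Review bot: in the channel_reordering loop of read_new_config_info, an out-of-range index is rewritten to 0 instead of being treated as a malformed block, so a corrupt file can still produce a reordering table in which several entries point at channel 0. The function returns int, so failing the block at that point looks possible and would be cleaner than repairing the value. The same concern applies in get_word, where "if (low > high) high = low;" silently papers over inconsistent state. The "bytecnt >= 2" change stops the two-byte read on a one-byte block, but the visible lines do not show what the code after the if does with the leftover byte, so that path is worth checking for bytecnt == 1. The patch header also carries no reference to the CVE ids or to #853076; a Bug-Debian or Origin field would tie the file to the report.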
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..28b0d00
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+fixes-for-4-fuzz-failures-posted-to-SourceForge-mail.patch

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message ---
Sebastian Ramacher:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package wavpack. 5.0.0-2 fixes CVE-2016-10169, CVE-2016-10170,
> CVE-2016-10171 and CVE-2016-10172 by simply applying upstream's patch for the
> CVEs.
> 
> unblock wavpack/5.0.0-2
> 
> [...]

Unblocked, thanks.

~Niels

--- End Message ---
