Your message dated Sat, 22 Jul 2017 13:17:18 +0100
with message-id <1500725838.14212.3.camel@adam-barratt.org.uk>
and subject line Closing bugs for 9.1 p-u fixes
has caused the Debian Bug report #868054,
regarding stretch-pu: package dwarfutils/20161124-1+deb9u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

--
868054: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868054
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Cc: Daniel Stender <debian@danielstender.com>
- Subject: stretch-pu: package dwarfutils/20161124-1+deb9u1
- From: Fabian Wolff <fabi.wolff@arcor.de>
- Date: Tue, 11 Jul 2017 17:01:44 +0200
- Message-id: <20170711150144.sf43l4wupmv43nlf@localhost.localdomain>
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

Dear Release Team,

I would like to propose the following changes to the dwarfutils package in stretch:

  * Add patch 02-fix-CVE-2017-9052.patch to fix CVE-2017-9052 and CVE-2017-9055 (Closes: #864064).
  * Add patch 03-fix-CVE-2017-9053.patch to fix CVE-2017-9053.
  * Add patch 04-fix-CVE-2017-9054.patch to fix CVE-2017-9054.
  * Add patch 05-fix-CVE-2017-9998.patch to fix CVE-2017-9998 (Closes: #866968).

This update would fix all currently known vulnerabilities in the dwarfutils package in stretch. All changes have been cherry-picked from the upstream development repository, and all of them are already in unstable.

I have attached the debdiff that I would like to apply to the current version in stable.

Thank you!

Kind regards,
Fabian

diff -Nru dwarfutils-20161124/debian/changelog dwarfutils-20161124/debian/changelog --- dwarfutils-20161124/debian/changelog 2016-11-25 14:23:27.000000000 +0100 +++ dwarfutils-20161124/debian/changelog 2017-07-11 15:33:51.000000000 +0200 @@ -1,3 +1,14 @@ +dwarfutils (20161124-1+deb9u1) stable; urgency=medium + + * Add patch 02-fix-CVE-2017-9052.patch to fix CVE-2017-9052 and + CVE-2017-9055 (Closes: #864064). + * Add patch 03-fix-CVE-2017-9053.patch to fix CVE-2017-9053. + * Add patch 04-fix-CVE-2017-9054.patch to fix CVE-2017-9054. + * Add patch 05-fix-CVE-2017-9998.patch to fix CVE-2017-9998 + (Closes: #866968). + + -- Fabian Wolff <fabi.wolff@arcor.de> Tue, 11 Jul 2017 15:33:51 +0200 + dwarfutils (20161124-1) unstable; urgency=medium * New upstream release. diff -Nru dwarfutils-20161124/debian/patches/02-fix-CVE-2017-9052.patch dwarfutils-20161124/debian/patches/02-fix-CVE-2017-9052.patch --- dwarfutils-20161124/debian/patches/02-fix-CVE-2017-9052.patch 1970-01-01 01:00:00.000000000 +0100 +++ dwarfutils-20161124/debian/patches/02-fix-CVE-2017-9052.patch 2017-07-11 15:33:51.000000000 +0200
@@ -0,0 +1,31 @@ +Description: Fix CVE-2017-9052 and CVE-2017-9055 +Origin: upstream, https://sourceforge.net/p/libdwarf/code/ci/cc37d6917011733d776ae228af4e5d6abe9613c1/ +Bug: https://www.prevanders.net/dwarfbug.html#DW201703-006 +Bug-Debian: https://bugs.debian.org/864064 +Last-Update: 2017-07-08 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/libdwarf/dwarf_form.c ++++ b/libdwarf/dwarf_form.c +@@ -934,6 +934,10 @@ + switch (attr->ar_attribute_form) { + + case DW_FORM_data1: ++ if (attr->ar_debug_ptr >= section_end) { ++ _dwarf_error(dbg, error, DW_DLE_DIE_BAD); ++ return DW_DLV_ERROR; ++ } + *return_sval = (*(Dwarf_Sbyte *) attr->ar_debug_ptr); + return DW_DLV_OK; + +--- a/libdwarf/dwarf_query.c ++++ b/libdwarf/dwarf_query.c +@@ -377,7 +377,7 @@ + } + if (_dwarf_reference_outside_section(die, + (Dwarf_Small*) info_ptr, +- (Dwarf_Small*) info_ptr)) { ++ ((Dwarf_Small*) info_ptr)+1)) { + _dwarf_error(dbg, error,DW_DLE_ATTR_OUTSIDE_SECTION); + return DW_DLV_ERROR; + } diff -Nru dwarfutils-20161124/debian/patches/03-fix-CVE-2017-9053.patch dwarfutils-20161124/debian/patches/03-fix-CVE-2017-9053.patch --- dwarfutils-20161124/debian/patches/03-fix-CVE-2017-9053.patch 1970-01-01 01:00:00.000000000 +0100 +++ dwarfutils-20161124/debian/patches/03-fix-CVE-2017-9053.patch 2017-07-11 15:33:51.000000000 +0200 
@@ -0,0 +1,86 @@ +Description: Fix CVE-2017-9053 +Origin: upstream, https://sourceforge.net/p/libdwarf/code/ci/cc37d6917011733d776ae228af4e5d6abe9613c1/ +Bug: https://www.prevanders.net/dwarfbug.html#DW201703-005 +Bug-Debian: https://bugs.debian.org/864064 +Last-Update: 2017-07-08 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/libdwarf/dwarf_loc.c ++++ b/libdwarf/dwarf_loc.c +@@ -237,6 +237,10 @@ + break; + + case DW_OP_const1u: ++ if (loc_ptr >= section_end) { ++ _dwarf_error(dbg,error,DW_DLE_LOCEXPR_OFF_SECTION_END); ++ return DW_DLV_ERROR; ++ } + operand1 = *(Dwarf_Small *) loc_ptr; + loc_ptr = loc_ptr + 1; + if (loc_ptr > section_end) { +@@ -247,6 +251,10 @@ + break; + + case DW_OP_const1s: ++ if (loc_ptr >= section_end) { ++ _dwarf_error(dbg,error,DW_DLE_LOCEXPR_OFF_SECTION_END); ++ return DW_DLV_ERROR; ++ } + operand1 = *(Dwarf_Sbyte *) loc_ptr; + SIGN_EXTEND(operand1,1); + loc_ptr = loc_ptr + 1; +@@ -372,6 +380,10 @@ + break; + + case DW_OP_pick: ++ if (loc_ptr >= section_end) { ++ _dwarf_error(dbg,error,DW_DLE_LOCEXPR_OFF_SECTION_END); ++ return DW_DLV_ERROR; ++ } + operand1 = *(Dwarf_Small *) loc_ptr; + loc_ptr = loc_ptr + 1; + if (loc_ptr > section_end) { +@@ -388,6 +400,10 @@ + break; + + case DW_OP_deref_size: ++ if (loc_ptr >= section_end) { ++ _dwarf_error(dbg,error,DW_DLE_LOCEXPR_OFF_SECTION_END); ++ return DW_DLV_ERROR; ++ } + operand1 = *(Dwarf_Small *) loc_ptr; + loc_ptr = loc_ptr + 1; + if (loc_ptr > section_end) { +@@ -401,6 +417,10 @@ + break; + + case DW_OP_xderef_type: /* DWARF5 */ ++ if (loc_ptr >= section_end) { ++ _dwarf_error(dbg,error,DW_DLE_LOCEXPR_OFF_SECTION_END); ++ return DW_DLV_ERROR; ++ } + operand1 = *(Dwarf_Small *) loc_ptr; + loc_ptr = loc_ptr + 1; + if (loc_ptr > section_end) { +@@ -415,6 +435,10 @@ + break; + + case DW_OP_xderef_size: ++ if (loc_ptr >= section_end) { ++ _dwarf_error(dbg,error,DW_DLE_LOCEXPR_OFF_SECTION_END); ++ return DW_DLV_ERROR; ++ } + operand1 = *(Dwarf_Small *) loc_ptr; + 
loc_ptr = loc_ptr + 1; + if (loc_ptr > section_end) { +@@ -520,6 +544,10 @@ + break; + case DW_OP_deref_type: /* DWARF5 */ + case DW_OP_GNU_deref_type: /* 0xf6 */ ++ if (loc_ptr >= section_end) { ++ _dwarf_error(dbg,error,DW_DLE_LOCEXPR_OFF_SECTION_END); ++ return DW_DLV_ERROR; ++ } + operand1 = *(Dwarf_Small *) loc_ptr; + loc_ptr = loc_ptr + 1; + if (loc_ptr > section_end) { diff -Nru dwarfutils-20161124/debian/patches/04-fix-CVE-2017-9054.patch dwarfutils-20161124/debian/patches/04-fix-CVE-2017-9054.patch --- dwarfutils-20161124/debian/patches/04-fix-CVE-2017-9054.patch 1970-01-01 01:00:00.000000000 +0100 +++ dwarfutils-20161124/debian/patches/04-fix-CVE-2017-9054.patch 2017-07-11 15:33:51.000000000 +0200 @@ -0,0 +1,23 @@ +Description: Fix CVE-2017-9054 +Origin: upstream, https://sourceforge.net/p/libdwarf/code/ci/cc37d6917011733d776ae228af4e5d6abe9613c1/ +Bug: https://www.prevanders.net/dwarfbug.html#DW201703-002 +Bug-Debian: https://bugs.debian.org/864064 +Last-Update: 2017-07-08 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/libdwarf/dwarf_leb.c ++++ b/libdwarf/dwarf_leb.c +@@ -301,11 +301,11 @@ + break; + } + ++leb128; +- byte = *leb128; +- byte_length++; + if (leb128 >= endptr) { + return DW_DLV_ERROR; + } ++ byte = *leb128; ++ byte_length++; + if (byte_length > BYTESLEBMAX) { + /* Erroneous input. */ + if (leb128_length) { diff -Nru dwarfutils-20161124/debian/patches/05-fix-CVE-2017-9998.patch dwarfutils-20161124/debian/patches/05-fix-CVE-2017-9998.patch --- dwarfutils-20161124/debian/patches/05-fix-CVE-2017-9998.patch 1970-01-01 01:00:00.000000000 +0100 +++ dwarfutils-20161124/debian/patches/05-fix-CVE-2017-9998.patch 2017-07-11 15:33:51.000000000 +0200 
@@ -0,0 +1,41 @@ +Description: Fix CVE-2017-9998 +Origin: upstream, https://sourceforge.net/p/libdwarf/code/ci/e91681e8841291f57386f26a90897fd1dcf92a6e/ +Bug: https://www.prevanders.net/dwarfbug.html#DW201706-001 +Bug-Debian: https://bugs.debian.org/866968 +Last-Update: 2017-07-08 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/libdwarf/dwarf_query.c ++++ b/libdwarf/dwarf_query.c +@@ -524,11 +524,17 @@ + if (res != DW_DLV_OK) { + return res; + } +- if ((info_ptr + value_size) > die_info_end) { +- /* Something badly wrong. We point past end +- of debug_info or debug_types . */ +- _dwarf_error(dbg,error,DW_DLE_DIE_ABBREV_BAD); +- return DW_DLV_ERROR; ++ { ++ /* ptrdiff_t is signed type, so use DW signed type */ ++ Dwarf_Signed len = die_info_end - info_ptr; ++ if (len < 0 || (value_size > ((Dwarf_Unsigned)len))) { ++ /* Something badly wrong. We point past end ++ of debug_info or debug_types or a ++ section is unreasonably sized or we are ++ pointing to two different sections? */ ++ _dwarf_error(dbg,error,DW_DLE_DIE_ABBREV_BAD); ++ return DW_DLV_ERROR; ++ } + } + info_ptr+= value_size; + } while (curr_attr != 0 || curr_attr_form != 0); +@@ -679,7 +685,7 @@ + but with a base. */ + sectionsize = dbg->de_debug_addr.dss_size; + sectionend = sectionstart + sectionsize; +- if ((addr_offset + context->cc_address_size) > sectionsize) { ++ if (addr_offset > (sectionsize - context->cc_address_size)) { + _dwarf_error(dbg, error, DW_DLE_ATTR_FORM_SIZE_BAD); + return (DW_DLV_ERROR); + } diff -Nru dwarfutils-20161124/debian/patches/series dwarfutils-20161124/debian/patches/series --- dwarfutils-20161124/debian/patches/series 2016-10-28 11:18:37.000000000 +0200 +++ dwarfutils-20161124/debian/patches/series 2017-07-11 15:33:51.000000000 +0200 @@ -1 +1,5 @@ 01-fix-makefile.patch +02-fix-CVE-2017-9052.patch +03-fix-CVE-2017-9053.patch +04-fix-CVE-2017-9054.patch +05-fix-CVE-2017-9998.patchAttachment: signature.asc
Description: PGP signature
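Review bot: in 02-fix-CVE-2017-9052.patch, the dwarf_form.c hunk (@@ -934,6 +934,10) reports the out-of-bounds DW_FORM_data1 read as DW_DLE_DIE_BAD, while the dwarf_query.c hunk of the same patch reports the equivalent condition as DW_DLE_ATTR_OUTSIDE_SECTION. A caller cannot tell from DW_DLE_DIE_BAD that an attribute value ran off the end of the section, so consider using the same code in both places. The DEP-3 header also names two CVEs without saying which of the two hunks addresses which; one line per CVE in the Description would make later triage easier.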
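Review bot: in the dwarf_query.c hunk of 02-fix-CVE-2017-9052.patch (@@ -377,7 +377,7), the new end argument "((Dwarf_Small*) info_ptr)+1" is a bare literal with no explanation. It encodes the assumption that exactly one byte is about to be read at info_ptr; a short comment saying so (or a named size) would stop a later change to the read width from silently leaving the range check one byte wide.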
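Review bot: in 03-fix-CVE-2017-9053.patch, every dwarf_loc.c hunk that adds "if (loc_ptr >= section_end)" before the one-byte read leaves the existing "if (loc_ptr > section_end)" after "loc_ptr = loc_ptr + 1" in place (visible for DW_OP_const1u, DW_OP_pick, DW_OP_deref_size, DW_OP_xderef_type, DW_OP_xderef_size and DW_OP_deref_type). Once loc_ptr < section_end is guaranteed before the increment, loc_ptr + 1 can never exceed section_end, so the later check is dead code and could be dropped or noted as defensive. The same four-line guard is also pasted seven times; a small helper or macro taking the number of bytes to be read would keep the cases consistent and make it harder to miss one when a new opcode is added.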
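Review bot: in the dwarf_leb.c hunk of 04-fix-CVE-2017-9054.patch (@@ -301,11 +301,11), the "leb128 >= endptr" path returns DW_DLV_ERROR without touching leb128_length, while the BYTESLEBMAX error branch directly below tests "if (leb128_length)" before it returns. If that branch stores a length for the caller, the truncated-input path should do the same, or the difference should be documented so callers do not read the length after DW_DLV_ERROR. A one-line comment stating that the bounds check must precede "byte = *leb128" would also protect the new ordering from being undone in a later cleanup.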
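Review bot: in the first dwarf_query.c hunk of 05-fix-CVE-2017-9998.patch (@@ -524,11 +524,17), the new comment suggests that "len < 0" can catch info_ptr and die_info_end pointing into two different sections, but "die_info_end - info_ptr" is only defined in C when both pointers refer to the same object. The check is sound for the same-section case (info_ptr already past die_info_end, or value_size larger than the remaining bytes); the comment should claim only that, and a cross-section mix-up would need to be ruled out where the two pointers are set up rather than here.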
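Review bot: in the second dwarf_query.c hunk of 05-fix-CVE-2017-9998.patch (@@ -679,7 +685,7), the rewritten test "addr_offset > (sectionsize - context->cc_address_size)" has no guard for sectionsize being smaller than cc_address_size. In that case the subtraction goes negative, or wraps to a very large value if the operands are unsigned, and the comparison then accepts any addr_offset. Suggest checking "sectionsize < context->cc_address_size" first and returning DW_DLE_ATTR_FORM_SIZE_BAD, so that a tiny or empty .debug_addr section is rejected before the subtraction.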
--- End Message ---
--- Begin Message ---
- To: 864292-done@bugs.debian.org, 864747-done@bugs.debian.org, 864757-done@bugs.debian.org, 864802-done@bugs.debian.org, 864973-done@bugs.debian.org, 865002-done@bugs.debian.org, 865057-done@bugs.debian.org, 865122-done@bugs.debian.org, 865212-done@bugs.debian.org, 865214-done@bugs.debian.org, 865225-done@bugs.debian.org, 865270-done@bugs.debian.org, 865355-done@bugs.debian.org, 865695-done@bugs.debian.org, 865997-done@bugs.debian.org, 866332-done@bugs.debian.org, 866351-done@bugs.debian.org, 866516-done@bugs.debian.org, 866679-done@bugs.debian.org, 866692-done@bugs.debian.org, 866759-done@bugs.debian.org, 867091-done@bugs.debian.org, 867118-done@bugs.debian.org, 867159-done@bugs.debian.org, 867190-done@bugs.debian.org, 867231-done@bugs.debian.org, 867248-done@bugs.debian.org, 867335-done@bugs.debian.org, 867479-done@bugs.debian.org, 867490-done@bugs.debian.org, 867567-done@bugs.debian.org, 867597-done@bugs.debian.org, 867624-done@bugs.debian.org, 867659-done@bugs.debian.org, 867716-done@bugs.debian.org, 867965-done@bugs.debian.org, 867966-done@bugs.debian.org, 867970-done@bugs.debian.org, 867989-done@bugs.debian.org, 868017-done@bugs.debian.org, 868029-done@bugs.debian.org, 868054-done@bugs.debian.org, 868102-done@bugs.debian.org, 868105-done@bugs.debian.org, 868128-done@bugs.debian.org, 868130-done@bugs.debian.org, 868214-done@bugs.debian.org, 868222-done@bugs.debian.org, 868228-done@bugs.debian.org, 868344-done@bugs.debian.org, 868361-done@bugs.debian.org, 868451-done@bugs.debian.org, 868459-done@bugs.debian.org, 868468-done@bugs.debian.org
- Subject: Closing bugs for 9.1 p-u fixes
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sat, 22 Jul 2017 13:17:18 +0100
- Message-id: <1500725838.14212.3.camel@adam-barratt.org.uk>
Version: 9.1

Hi,

These bugs all relate to updates which were included in today's stretch
point release.

Regards,

Adam
--- End Message ---