--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: jessie-pu: package weechat/1.0.1-1+deb8u2
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Thu, 28 Sep 2017 05:15:01 +0200
- Message-id: <150656850101.13790.16683147417177043908.reportbug@lorien.valinor.li>
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
Hi
weechat in jessie is affected by CVE-2017-14727, tracked as #876553.
> * logger: call strftime before replacing buffer local variables
> (CVE-2017-14727) (Closes: #876553)
https://weechat.org/news/98/20170923-Version-1.9.1-security-release/
Attached proposed debdiff for the jessie point release.
Regards,
Salvatore
diff -Nru weechat-1.0.1/debian/changelog weechat-1.0.1/debian/changelog
--- weechat-1.0.1/debian/changelog 2017-04-25 07:01:43.000000000 +0200
+++ weechat-1.0.1/debian/changelog 2017-09-27 21:27:15.000000000 +0200
@@ -1,3 +1,11 @@
+weechat (1.0.1-1+deb8u2) jessie; urgency=medium
+
+ * Non-maintainer upload.
+ * logger: call strftime before replacing buffer local variables
+ (CVE-2017-14727) (Closes: #876553)
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Wed, 27 Sep 2017 21:27:15 +0200
+
weechat (1.0.1-1+deb8u1) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
diff -Nru weechat-1.0.1/debian/patches/0001-logger-call-strftime-before-replacing-buffer-local-v.patch weechat-1.0.1/debian/patches/0001-logger-call-strftime-before-replacing-buffer-local-v.patch
--- weechat-1.0.1/debian/patches/0001-logger-call-strftime-before-replacing-buffer-local-v.patch 1970-01-01 01:00:00.000000000 +0100
+++ weechat-1.0.1/debian/patches/0001-logger-call-strftime-before-replacing-buffer-local-v.patch 2017-09-27 21:27:15.000000000 +0200
@@ -0,0 +1,152 @@
+From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= <flashcode@flashtux.org>
+Date: Sat, 23 Sep 2017 09:36:09 +0200
+Subject: logger: call strftime before replacing buffer local variables
+Origin: https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556
+Bug-Debian: https://bugs.debian.org/876553
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-14727
+
+---
+ src/plugins/logger/logger.c | 88 ++++++++++++++++++++++-----------------------
+ 2 files changed, 51 insertions(+), 44 deletions(-)
+
+
+--- a/src/plugins/logger/logger.c
++++ b/src/plugins/logger/logger.c
+@@ -316,71 +316,71 @@ logger_get_mask_for_buffer (struct t_gui
+ char *
+ logger_get_mask_expanded (struct t_gui_buffer *buffer, const char *mask)
+ {
+- char *mask2, *mask_decoded, *mask_decoded2, *mask_decoded3, *mask_decoded4;
+- char *mask_decoded5;
++ char *mask2, *mask3, *mask4, *mask5, *mask6, *mask7;
+ const char *dir_separator;
+ int length;
+ time_t seconds;
+ struct tm *date_tmp;
+
+ mask2 = NULL;
+- mask_decoded = NULL;
+- mask_decoded2 = NULL;
+- mask_decoded3 = NULL;
+- mask_decoded4 = NULL;
+- mask_decoded5 = NULL;
++ mask3 = NULL;
++ mask4 = NULL;
++ mask5 = NULL;
++ mask6 = NULL;
++ mask7 = NULL;
+
+ dir_separator = weechat_info_get ("dir_separator", "");
+ if (!dir_separator)
+ return NULL;
+
++ /* replace date/time specifiers in mask */
++ length = strlen (mask) + 256 + 1;
++ mask2 = malloc (length);
++ if (!mask2)
++ goto end;
++ seconds = time (NULL);
++ date_tmp = localtime (&seconds);
++ mask2[0] = '\0';
++ if (strftime (mask2, length - 1, mask, date_tmp) == 0)
++ mask2[0] = '\0';
++
+ /*
+ * we first replace directory separator (commonly '/') by \01 because
+ * buffer mask can contain this char, and will be replaced by replacement
+ * char ('_' by default)
+ */
+- mask2 = weechat_string_replace (mask, dir_separator, "\01");
+- if (!mask2)
++ mask3 = weechat_string_replace (mask2, dir_separator, "\01");
++ if (!mask3)
+ goto end;
+
+- mask_decoded = weechat_buffer_string_replace_local_var (buffer, mask2);
+- if (!mask_decoded)
++ mask4 = weechat_buffer_string_replace_local_var (buffer, mask3);
++ if (!mask4)
+ goto end;
+
+- mask_decoded2 = weechat_string_replace (mask_decoded,
+- dir_separator,
+- weechat_config_string (logger_config_file_replacement_char));
+- if (!mask_decoded2)
++ mask5 = weechat_string_replace (mask4,
++ dir_separator,
++ weechat_config_string (logger_config_file_replacement_char));
++ if (!mask5)
+ goto end;
+
+ #ifdef __CYGWIN__
+- mask_decoded3 = weechat_string_replace (mask_decoded2, "\\",
+- weechat_config_string (logger_config_file_replacement_char));
++ mask6 = weechat_string_replace (mask5, "\\",
++ weechat_config_string (logger_config_file_replacement_char));
+ #else
+- mask_decoded3 = strdup (mask_decoded2);
++ mask6 = strdup (mask5);
+ #endif
+- if (!mask_decoded3)
++ if (!mask6)
+ goto end;
+
+ /* restore directory separator */
+- mask_decoded4 = weechat_string_replace (mask_decoded3,
+- "\01", dir_separator);
+- if (!mask_decoded4)
+- goto end;
+-
+- /* replace date/time specifiers in mask */
+- length = strlen (mask_decoded4) + 256 + 1;
+- mask_decoded5 = malloc (length);
+- if (!mask_decoded5)
++ mask7 = weechat_string_replace (mask6,
++ "\01", dir_separator);
++ if (!mask7)
+ goto end;
+- seconds = time (NULL);
+- date_tmp = localtime (&seconds);
+- mask_decoded5[0] = '\0';
+- strftime (mask_decoded5, length - 1, mask_decoded4, date_tmp);
+
+ /* convert to lower case? */
+ if (weechat_config_boolean (logger_config_file_name_lower_case))
+- weechat_string_tolower (mask_decoded5);
++ weechat_string_tolower (mask7);
+
+ if (weechat_logger_plugin->debug)
+ {
+@@ -390,22 +390,22 @@ logger_get_mask_expanded (struct t_gui_b
+ "decoded mask = \"%s\"",
+ LOGGER_PLUGIN_NAME,
+ weechat_buffer_get_string (buffer, "name"),
+- mask, mask_decoded5);
++ mask, mask7);
+ }
+
+ end:
+ if (mask2)
+ free (mask2);
+- if (mask_decoded)
+- free (mask_decoded);
+- if (mask_decoded2)
+- free (mask_decoded2);
+- if (mask_decoded3)
+- free (mask_decoded3);
+- if (mask_decoded4)
+- free (mask_decoded4);
++ if (mask3)
++ free (mask3);
++ if (mask4)
++ free (mask4);
++ if (mask5)
++ free (mask5);
++ if (mask6)
++ free (mask6);
+
+- return mask_decoded5;
++ return mask7;
+ }
+
+ /*
diff -Nru weechat-1.0.1/debian/patches/series weechat-1.0.1/debian/patches/series
--- weechat-1.0.1/debian/patches/series 2017-04-25 07:01:43.000000000 +0200
+++ weechat-1.0.1/debian/patches/series 2017-09-27 21:27:15.000000000 +0200
@@ -1 +1,2 @@
0001-irc-fix-parsing-of-DCC-filename.patch
+0001-logger-call-strftime-before-replacing-buffer-local-v.patch
--- End Message ---