
Bug#895596: stretch-pu: package xrdp/0.9.1-9+deb9u2



Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

The last upload to stretch, fixing a minor security issue, had an incomplete
patch provided by upstream which can lead to memory corruption and crashes
in some cases.

The update was first negotiated with the security team, who proposed to
update via stretch-pu AND stretch-updates.

Find attached the debdiff.

N.B.: This is not an NMU - I am now using my debian.org mail address, but
did not want to change Uploaders: in a stable update (or should I?).

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
diff -Nru xrdp-0.9.1/debian/changelog xrdp-0.9.1/debian/changelog
--- xrdp-0.9.1/debian/changelog	2017-12-15 19:28:28.000000000 +0100
+++ xrdp-0.9.1/debian/changelog	2018-04-12 23:43:25.000000000 +0200
@@ -1,3 +1,10 @@
+xrdp (0.9.1-9+deb9u3) stretch; urgency=high
+
+  * Fix patch for CVE-2017-16927. (Closes: #884702)
+    + Off-by-one mistake could crash xrdp in some cases.
+
+ -- Dominik George <natureshadow@debian.org>  Thu, 12 Apr 2018 23:43:25 +0200
+
 xrdp (0.9.1-9+deb9u2) stretch; urgency=medium
 
   * Fix CVE-2017-16927. (Closes: #882463)
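Review bot: the new entry's version, 0.9.1-9+deb9u3, does not match the request subject, which names xrdp/0.9.1-9+deb9u2; retitle the request so it carries the version that will actually be uploaded. The line "Off-by-one mistake could crash xrdp in some cases" would also be more useful if it said what is being fixed: each buffer was allocated with sz bytes while the terminator is written at buf[sz].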
diff -Nru xrdp-0.9.1/debian/patches/cve-2017-16927.patch xrdp-0.9.1/debian/patches/cve-2017-16927.patch
--- xrdp-0.9.1/debian/patches/cve-2017-16927.patch	2017-12-15 19:28:28.000000000 +0100
+++ xrdp-0.9.1/debian/patches/cve-2017-16927.patch	2018-04-12 23:43:25.000000000 +0200
@@ -18,7 +18,7 @@
          /* reading username */
          in_uint16_be(c->in_s, sz);
 -        buf[sz] = '\0';
-+        buf = g_new0(char, sz);
++        buf = g_new0(char, sz + 1);
          in_uint8a(c->in_s, buf, sz);
 -
 +        buf[sz] = '\0';
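Review bot: the result of g_new0(char, sz + 1) is handed straight to in_uint8a(c->in_s, buf, sz) on the next line with no NULL check, and sz is taken from the peer via in_uint16_be. Add a check and fail the parse when the allocation returns NULL. The sz + 1 itself is right: it makes room for the buf[sz] = '\0' write, which with g_new0(char, sz) landed one byte past the allocation.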
@@ -34,7 +34,7 @@
          /* reading password */
          in_uint16_be(c->in_s, sz);
 -        buf[sz] = '\0';
-+        buf = g_new0(char, sz);
++        buf = g_new0(char, sz + 1);
          in_uint8a(c->in_s, buf, sz);
 -
 +        buf[sz] = '\0';
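Review bot: nothing visible between in_uint16_be(c->in_s, sz) and in_uint8a(c->in_s, buf, sz) checks that the stream still holds sz bytes, so the copy length is whatever the peer declared. If the caller does not already validate the remaining length of c->in_s, add that check before the allocation; the larger buffer only fixes the write side of this read.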
@@ -53,7 +53,7 @@
  
              if (sz > 0)
              {
-+                buf = g_new0(char, sz);
++                buf = g_new0(char, sz + 1);
                  in_uint8a(c->in_s, buf, sz);
                  buf[sz] = '\0';
                  scp_session_set_domain(session, buf);
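Review bot: the visible context ends at scp_session_set_domain(session, buf) without showing buf being released, and this block allocates a fresh buffer for the field. Confirm in the full patch that each g_new0 has a matching free on every path, including the error returns, so that repeated or failed logins cannot leak these buffers.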
@@ -65,7 +65,7 @@
  
              if (sz > 0)
              {
-+                buf = g_new0(char, sz);
++                buf = g_new0(char, sz + 1);
                  in_uint8a(c->in_s, buf, sz);
                  buf[sz] = '\0';
                  scp_session_set_program(session, buf);
@@ -77,7 +77,7 @@
  
              if (sz > 0)
              {
-+                buf = g_new0(char, sz);
++                buf = g_new0(char, sz + 1);
                  in_uint8a(c->in_s, buf, sz);
                  buf[sz] = '\0';
                  scp_session_set_directory(session, buf);
@@ -89,7 +89,7 @@
  
              if (sz > 0)
              {
-+                buf = g_new0(char, sz);
++                buf = g_new0(char, sz + 1);
                  in_uint8a(c->in_s, buf, sz);
                  buf[sz] = '\0';
                  scp_session_set_client_ip(session, buf);
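Review bot: this is the fourth identical if (sz > 0) block in a row (domain, program, directory, client_ip), and the same one-character correction had to be applied to all eight allocations in the patch. A single helper that reads a length-prefixed string, allocates sz + 1 and terminates it would keep the size arithmetic in one place and make a repeat of this off-by-one much less likely; worth proposing upstream even if it is too invasive for a stable update.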
@@ -102,7 +102,7 @@
          /* reading username */
          in_uint16_be(c->in_s, sz);
 -        buf[sz] = '\0';
-+        buf = g_new0(char, sz);
++        buf = g_new0(char, sz + 1);
          in_uint8a(c->in_s, buf, sz);
 +        buf[sz] = '\0';
  
@@ -119,7 +119,7 @@
          /* reading password */
          in_uint16_be(c->in_s, sz);
 -        buf[sz] = '\0';
-+        buf = g_new0(char, sz);
++        buf = g_new0(char, sz + 1);
          in_uint8a(c->in_s, buf, sz);
 +        buf[sz] = '\0';
  
