
Bug#895596: marked as done (stretch-pu: package xrdp/0.9.1-9+deb9u2)



Your message dated Sat, 14 Jul 2018 11:21:20 +0100
with message-id <1531563680.2095.30.camel@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.5
has caused the Debian Bug report #895596,
regarding stretch-pu: package xrdp/0.9.1-9+deb9u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
895596: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895596
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

The last upload to stretch, fixing a minor security issue, had an incomplete
patch provided by upstream which can lead to memory corruption and crashes
in some cases.

The update was first negotiated with the security team, who proposed to
update via stretch-pu AND stretch-updates.

Find attached the debdiff.

N.B.: This is not an NMU - I am now using my debian.org mail address, but
did not want to change Uploaders: in a stable update (or should I?).

diff -Nru xrdp-0.9.1/debian/changelog xrdp-0.9.1/debian/changelog
--- xrdp-0.9.1/debian/changelog	2017-12-15 19:28:28.000000000 +0100
+++ xrdp-0.9.1/debian/changelog	2018-04-12 23:43:25.000000000 +0200
@@ -1,3 +1,10 @@
+xrdp (0.9.1-9+deb9u3) stretch; urgency=high
+
+  * Fix patch for CVE-2017-16927. (Closes: #884702)
+    + Off-by-one mistake could crash xrdp in some cases.
+
+ -- Dominik George <natureshadow@debian.org>  Thu, 12 Apr 2018 23:43:25 +0200
+
 xrdp (0.9.1-9+deb9u2) stretch; urgency=medium
 
   * Fix CVE-2017-16927. (Closes: #882463)
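
Review bot: the version on the new top entry, 0.9.1-9+deb9u3, does not match the subject of this request, which names 0.9.1-9+deb9u2, the entry directly below it; the request should be retitled so the release team can match it to the right upload. The bullet "Off-by-one mistake could crash xrdp in some cases" would also serve stable users better if it said that the string buffers were allocated one byte too short for their terminating NUL.
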
diff -Nru xrdp-0.9.1/debian/patches/cve-2017-16927.patch xrdp-0.9.1/debian/patches/cve-2017-16927.patch
--- xrdp-0.9.1/debian/patches/cve-2017-16927.patch	2017-12-15 19:28:28.000000000 +0100
+++ xrdp-0.9.1/debian/patches/cve-2017-16927.patch	2018-04-12 23:43:25.000000000 +0200
@@ -18,7 +18,7 @@
          /* reading username */
          in_uint16_be(c->in_s, sz);
 -        buf[sz] = '\0';
-+        buf = g_new0(char, sz);
++        buf = g_new0(char, sz + 1);
          in_uint8a(c->in_s, buf, sz);
 -
 +        buf[sz] = '\0';
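
Review bot: nothing in the visible lines of this username hunk checks that the stream still holds sz bytes before in_uint8a copies them, and unlike the domain, program, directory and client-IP hunks further down there is no "if (sz > 0)" guard around the read. The "+ 1" stops buf[sz] = '\0' from landing one byte past the allocation, but sz comes straight from in_uint16_be, so the copy is only as safe as the length validation around it; please confirm the surrounding code bounds sz against the remaining input, or add that check here.
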
@@ -34,7 +34,7 @@
          /* reading password */
          in_uint16_be(c->in_s, sz);
 -        buf[sz] = '\0';
-+        buf = g_new0(char, sz);
++        buf = g_new0(char, sz + 1);
          in_uint8a(c->in_s, buf, sz);
 -
 +        buf[sz] = '\0';
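
Review bot: the allocation in this password hunk has no release visible in the context lines, and here buf holds a credential. Please confirm that buf is cleared and freed once the session has taken its copy, and that the same is done on any error path between g_new0 and that point.
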
@@ -53,7 +53,7 @@
  
              if (sz > 0)
              {
-+                buf = g_new0(char, sz);
++                buf = g_new0(char, sz + 1);
                  in_uint8a(c->in_s, buf, sz);
                  buf[sz] = '\0';
                  scp_session_set_domain(session, buf);
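
Review bot: the sequence g_new0(char, sz + 1), in_uint8a(c->in_s, buf, sz), buf[sz] = '\0' is corrected by hand here and at seven other sites in this patch, which is how the one-byte shortfall reached every site at once. A single helper that reads a length-prefixed string and owns the terminator byte would keep the allocation size and the terminator index in one place, so a later change cannot get them out of step at one site only. If g_new0 zero-fills as its name suggests, the explicit buf[sz] = '\0' is also redundant once sz + 1 bytes are allocated, though harmless.
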
@@ -65,7 +65,7 @@
  
              if (sz > 0)
              {
-+                buf = g_new0(char, sz);
++                buf = g_new0(char, sz + 1);
                  in_uint8a(c->in_s, buf, sz);
                  buf[sz] = '\0';
                  scp_session_set_program(session, buf);
@@ -77,7 +77,7 @@
  
              if (sz > 0)
              {
-+                buf = g_new0(char, sz);
++                buf = g_new0(char, sz + 1);
                  in_uint8a(c->in_s, buf, sz);
                  buf[sz] = '\0';
                  scp_session_set_directory(session, buf);
@@ -89,7 +89,7 @@
  
              if (sz > 0)
              {
-+                buf = g_new0(char, sz);
++                buf = g_new0(char, sz + 1);
                  in_uint8a(c->in_s, buf, sz);
                  buf[sz] = '\0';
                  scp_session_set_client_ip(session, buf);
@@ -102,7 +102,7 @@
          /* reading username */
          in_uint16_be(c->in_s, sz);
 -        buf[sz] = '\0';
-+        buf = g_new0(char, sz);
++        buf = g_new0(char, sz + 1);
          in_uint8a(c->in_s, buf, sz);
 +        buf[sz] = '\0';
  
@@ -119,7 +119,7 @@
          /* reading password */
          in_uint16_be(c->in_s, sz);
 -        buf[sz] = '\0';
-+        buf = g_new0(char, sz);
++        buf = g_new0(char, sz + 1);
          in_uint8a(c->in_s, buf, sz);
 +        buf[sz] = '\0';
  

--- End Message ---
--- Begin Message ---
Version: 9.5

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam

--- End Message ---
