[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#908474: stretch-pu: package zutils/1.5-5

Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: pu
Tags: stretch
Severity: normal

Hi,

a buffer underrun has been fixed in zutils 1.7-3 (sid), here's an
updated package for stretch:


https://people.debian.org/~daniel/packages/zutils/1.5-5+deb9u1/zutils_1.5-5+deb9u1.dsc

The debdiff is attached.

Regards,
Daniel

diff -Nru zutils-1.5/debian/changelog zutils-1.5/debian/changelog
--- zutils-1.5/debian/changelog	2017-01-26 16:41:26.000000000 +0000
+++ zutils-1.5/debian/changelog	2018-09-10 08:55:58.000000000 +0000
@@ -1,3 +1,11 @@
+zutils (1.5-5+deb9u1) stretch; urgency=medium
+
+  * Uploading to stretch.
+  * Adding patch from upstream to fix a buffer overrun in zcat
+    [CVE-2018-1000637] (Closes: #902936).
+
+ -- Daniel Baumann <daniel.baumann@progress-linux.org>  Mon, 10 Sep 2018 10:55:58 +0200
+
 zutils (1.5-5) unstable; urgency=low
 
   * Uploading to sid.
diff -Nru zutils-1.5/debian/patches/series zutils-1.5/debian/patches/series
--- zutils-1.5/debian/patches/series	2017-01-26 16:41:26.000000000 +0000
+++ zutils-1.5/debian/patches/series	2018-09-10 08:55:15.000000000 +0000
@@ -1,2 +1,3 @@
 debian/0001-build.patch
 debian/0002-zupdate.patch
+upstream/0001-zcat-buffer-overrun.patch
diff -Nru zutils-1.5/debian/patches/upstream/0001-zcat-buffer-overrun.patch zutils-1.5/debian/patches/upstream/0001-zcat-buffer-overrun.patch
--- zutils-1.5/debian/patches/upstream/0001-zcat-buffer-overrun.patch	1970-01-01 00:00:00.000000000 +0000
+++ zutils-1.5/debian/patches/upstream/0001-zcat-buffer-overrun.patch	2018-09-10 08:55:58.000000000 +0000
@@ -0,0 +1,18 @@
+Author: Antonio Diaz-Diaz <antonio@gnu.org>
+Description: zcat.cc: Fixed a buffer overrun on outbuf when '-v' is used [CVE-2018-1000637] (Closes: #902936).
+
+diff -Naurp zutils.orig/zcat.cc zutils/zcat.cc
+--- zutils.orig/zcat.cc
++++ zutils/zcat.cc
+@@ -229,8 +229,9 @@ int cat( int infd, const int format_inde
+   enum { buffer_size = 4096 };
+   // buffer with space for sentinel newline at the end
+   uint8_t * const inbuf = new uint8_t[buffer_size+1];
+-  // buffer with space for character quoting and 255-digit line number
+-  uint8_t * const outbuf = new uint8_t[(4*buffer_size)+256];
++  // buffer with space for character quoting, 255-digit line number and
++  // worst case flushing respect to inbuf.
++  uint8_t * const outbuf = new uint8_t[(5*buffer_size)+256];
+   int retval = 0;
+   Children children;
+   if( !set_data_feeder( &infd, children, format_index ) ) retval = 1;
Reply to: