Bug#926217: unblock: libmysofa/0.6~dfsg0-3
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package libmysofa
A vulnerability was discovered in libmysofa which has been
reported as CVE-2019-10672, resp. Debian bug #926125.
While upstream has released a new version of libmysofa to fix the issue, I just
backported the fixes to the version currently in testing.
The debdiff also includes updates to Vcs-* stanzas and maintainer address
(migrating away from the alioth addresses), which i consider non-invasive enough
to be included.
Since the bug is security related and RC, please unblock it in time for buster.
unblock libmysofa/0.6~dfsg0-3
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru libmysofa-0.6~dfsg0/debian/changelog libmysofa-0.6~dfsg0/debian/changelog
--- libmysofa-0.6~dfsg0/debian/changelog 2017-11-20 15:43:42.000000000 +0100
+++ libmysofa-0.6~dfsg0/debian/changelog 2019-04-01 23:25:15.000000000 +0200
@@ -1,3 +1,16 @@
+libmysofa (0.6~dfsg0-3) unstable; urgency=medium
+
+ [ IOhannes m zmölnig ]
+ * Backport fix for CVE-2019-10672 (Closes: #926125)
+
+ [ Ondřej Nový ]
+ * d/control: Set Vcs-* to salsa.debian.org
+
+ [ Felipe Sateler ]
+ * Change maintainer address to debian-multimedia@lists.debian.org
+
+ -- IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org> Mon, 01 Apr 2019 23:25:15 +0200
+
libmysofa (0.6~dfsg0-2) unstable; urgency=medium
* Set Multi-Arch:same (Closes: #882230)
diff -Nru libmysofa-0.6~dfsg0/debian/control libmysofa-0.6~dfsg0/debian/control
--- libmysofa-0.6~dfsg0/debian/control 2017-11-20 15:43:42.000000000 +0100
+++ libmysofa-0.6~dfsg0/debian/control 2019-04-01 23:25:15.000000000 +0200
@@ -1,6 +1,6 @@
Source: libmysofa
Priority: optional
-Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
+Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Uploaders:
IOhannes m zmölnig (Debian/GNU) <umlaeute@debian.org>,
Build-Depends:
@@ -12,8 +12,8 @@
Standards-Version: 4.1.1
Section: devel
Homepage: https://github.com/hoene/libmysofa
-Vcs-Git: https://anonscm.debian.org/git/pkg-multimedia/libmysofa.git
-Vcs-Browser: https://anonscm.debian.org/git/pkg-multimedia/libmysofa.git
+Vcs-Git: https://salsa.debian.org/multimedia-team/libmysofa.git
+Vcs-Browser: https://salsa.debian.org/multimedia-team/libmysofa
Package: libmysofa-dev
Section: libdevel
diff -Nru libmysofa-0.6~dfsg0/debian/patches/CVE-2019-10672.patch libmysofa-0.6~dfsg0/debian/patches/CVE-2019-10672.patch
--- libmysofa-0.6~dfsg0/debian/patches/CVE-2019-10672.patch 1970-01-01 01:00:00.000000000 +0100
+++ libmysofa-0.6~dfsg0/debian/patches/CVE-2019-10672.patch 2019-04-01 23:25:15.000000000 +0200
@@ -0,0 +1,77 @@
+Description: backported fixes for CVE-2019-10672
+Author: Christian Höne/IOhannes m zmölnig
+Origin: upstream
+Applied-Upstream: d39a171e9c6a1c44dbdf43f9db6c3fbd887e38c1, 83d21e38f4ed65c2e3d76fc792bdf4abde6ec148, 05ff8a6903c8a357c6d6fd921276732767741670, 2ed84bbcf261629adf16c56a5b4532670084842e
+Last-Update: 2019-04-01
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- libmysofa.orig/src/hdf/btree.c
++++ libmysofa/src/hdf/btree.c
+@@ -308,8 +308,11 @@
+ b = i / elements;
+ x = i % elements + start[0];
+ if (x < sx) {
++
+ j = x * size + b;
+- ((char*)data->data)[j] = output[i];
++ if (j >= 0 && j < data->data_len) {
++ ((char*) data->data)[j] = output[i];
++ }
+ }
+ }
+ break;
+@@ -321,7 +324,9 @@
+ x = x / dy + start[0];
+ if (y < sy && x < sx) {
+ j = ((x * sy + y) * size) + b;
+- ((char*)data->data)[j] = output[i];
++ if (j >= 0 && j < data->data_len) {
++ ((char*) data->data)[j] = output[i];
++ }
+ }
+ }
+ break;
+@@ -334,7 +339,9 @@
+ x = (x / dzy) + start[0];
+ if (z < sz && y < sy && x < sx) {
+ j = (x * szy + y * sz + z) * size + b;
+- ((char*)data->data)[j] = output[i];
++ if (j >= 0 && j < data->data_len) {
++ ((char*) data->data)[j] = output[i];
++ }
+ }
+ }
+ break;
+--- libmysofa.orig/src/hdf/dataobject.c
++++ libmysofa/src/hdf/dataobject.c
+@@ -665,13 +665,14 @@
+
+ if(name_size>0x1000)
+ return MYSOFA_NO_MEMORY;
+- name = malloc(name_size);
++ name = malloc(name_size + 1);
+ if(!name)
+ return MYSOFA_NO_MEMORY;
+ if(fread(name, 1, name_size, reader->fhd)!=name_size) {
+ free(name);
+ return errno;
+ }
++ name[name_size] = 0;
+ log(" attribute name %s\n", name);
+
+ if (flags & 3) {
+--- libmysofa.orig/src/hdf/fractalhead.c
++++ libmysofa/src/hdf/fractalhead.c
+@@ -180,6 +180,12 @@
+ log("\nfractal head type 1 length %4lX name %s address %lX\n", length, name, heap_header_address);
+
+ dir = malloc(sizeof(struct DIR));
++ if(!dir) {
++ free(name);
++ return MYSOFA_NO_MEMORY;
++ }
++ memset(dir,0,sizeof(*dir));
++
+ dir->next = dataobject->directory;
+ dataobject->directory = dir;
+
diff -Nru libmysofa-0.6~dfsg0/debian/patches/series libmysofa-0.6~dfsg0/debian/patches/series
--- libmysofa-0.6~dfsg0/debian/patches/series 2017-11-20 15:43:42.000000000 +0100
+++ libmysofa-0.6~dfsg0/debian/patches/series 2019-04-01 23:25:15.000000000 +0200
@@ -1 +1,2 @@
fix_export_symbols.patch
+CVE-2019-10672.patch
Reply to: