
Bug#927798: marked as done (unblock: pspp/1.2.0-3)



Your message dated Tue, 23 Apr 2019 13:32:00 +0000
with message-id <b8bc2e5d-f009-ca87-474e-2d8ab30a9e0e@thykier.net>
and subject line Re: Bug#927798: unblock: pspp/1.2.0-3
has caused the Debian Bug report #927798,
regarding unblock: pspp/1.2.0-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
927798: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927798
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package pspp


  [ Andreas Tille ]
  * Team upload.
  * Take over package into Debian Science team maintenance

  [ Ben Pfaff ]
  * Issue error message for too-large extension records. (CVE-2018-20230)
    Closes: #916902


unblock pspp/1.2.0-3

-- System Information:
Debian Release: 9.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-6-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru pspp-1.2.0/debian/changelog pspp-1.2.0/debian/changelog
--- pspp-1.2.0/debian/changelog	2018-11-26 07:50:21.000000000 +0100
+++ pspp-1.2.0/debian/changelog	2019-04-23 13:59:03.000000000 +0200
@@ -1,3 +1,15 @@
+pspp (1.2.0-3) unstable; urgency=medium
+
+  [ Andreas Tille ]
+  * Team upload.
+  * Take over package into Debian Science team maintenance
+
+  [ Ben Pfaff ]
+  * Issue error message for too-large extension records. (CVE-2018-20230)
+    Closes: #916902
+
+ -- Andreas Tille <tille@debian.org>  Tue, 23 Apr 2019 13:59:03 +0200
+
 pspp (1.2.0-2) unstable; urgency=low
 
   * Fixed regression error in segmentation
diff -Nru pspp-1.2.0/debian/control pspp-1.2.0/debian/control
--- pspp-1.2.0/debian/control	2018-11-26 07:50:21.000000000 +0100
+++ pspp-1.2.0/debian/control	2019-04-23 13:59:03.000000000 +0200
@@ -1,8 +1,9 @@
 Source: pspp
 Section: math
 Priority: optional
-Maintainer: Friedrich Beckmann <friedrich.beckmann@gmx.de>
-Uploaders: Ben Pfaff <blp@cs.stanford.edu>
+Maintainer: Debian Science Team <debian-science-maintainers@lists.alioth.debian.org>
+Uploaders: Friedrich Beckmann <friedrich.beckmann@gmx.de>,
+           Ben Pfaff <blp@cs.stanford.edu>
 # postgresql is disabled on hurd-i386 in order to remove
 # postgres support which will not build on hurd-i386
 # see: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820743
@@ -29,6 +30,8 @@
                libpq-dev,
 	       emacsen-common (>= 2.0.8)
 Standards-Version: 4.2.1
+Vcs-Browser: https://salsa.debian.org/science-team/pspp
+Vcs-Git: https://salsa.debian.org/science-team/pspp.git
 Homepage: http://savannah.gnu.org/projects/pspp
 
 Package: pspp
diff -Nru pspp-1.2.0/debian/patches/0002-pspp-dump-sav-Issue-error-message-for-too-large-exte.patch pspp-1.2.0/debian/patches/0002-pspp-dump-sav-Issue-error-message-for-too-large-exte.patch
--- pspp-1.2.0/debian/patches/0002-pspp-dump-sav-Issue-error-message-for-too-large-exte.patch	1970-01-01 01:00:00.000000000 +0100
+++ pspp-1.2.0/debian/patches/0002-pspp-dump-sav-Issue-error-message-for-too-large-exte.patch	2019-04-23 13:59:03.000000000 +0200
@@ -0,0 +1,126 @@
+From abd1f816ca3b4f382bddf4564ad092aa934f0ccc Mon Sep 17 00:00:00 2001
+Author: Ben Pfaff <blp@cs.stanford.edu>
+Date: Tue, 1 Jan 2019 08:36:05 -0800
+Bug-Debian: https://bugs.debian.org/916902
+Subject: [PATCH 02/67] pspp-dump-sav: Issue error message for too-large
+ extension records.
+
+CVE-2018-20230.
+---
+ NEWS                      |  2 ++
+ utilities/pspp-dump-sav.c | 30 ++++++++++++++++++------------
+ 2 files changed, 20 insertions(+), 12 deletions(-)
+
+--- a/NEWS
++++ b/NEWS
+@@ -4,6 +4,8 @@ See the end for copying conditions.
+ 
+ Please send PSPP bug reports to bug-gnu-pspp@gnu.org.
+ 
++ * Bug fix for CVE-2018-20230.
++
+ Changes from 1.0.1 to 1.2.0:
+ 
+  * New experimental command SAVE DATA COLLECTION to save MDD files.
+--- a/utilities/pspp-dump-sav.c
++++ b/utilities/pspp-dump-sav.c
+@@ -37,6 +37,7 @@
+ #include "gl/progname.h"
+ #include "gl/version-etc.h"
+ #include "gl/xalloc.h"
++#include "gl/xsize.h"
+ 
+ #define ID_MAX_LEN 64
+ 
+@@ -99,7 +100,7 @@ static void read_simple_compressed_data
+ static void read_zlib_compressed_data (struct sfm_reader *);
+ 
+ static struct text_record *open_text_record (
+-  struct sfm_reader *, size_t size);
++  struct sfm_reader *, size_t size, size_t count);
+ static void close_text_record (struct text_record *);
+ static bool read_variable_to_value_pair (struct text_record *,
+                                          char **key, char **value);
+@@ -735,7 +736,7 @@ read_extra_product_info (struct sfm_read
+   const char *s;
+ 
+   printf ("%08llx: extra product info\n", (long long int) ftello (r->file));
+-  text = open_text_record (r, size * count);
++  text = open_text_record (r, size, count);
+   s = text_get_all (text);
+   print_string (s, strlen (s));
+   close_text_record (text);
+@@ -749,7 +750,7 @@ read_mrsets (struct sfm_reader *r, size_
+ 
+   printf ("%08llx: multiple response sets\n",
+           (long long int) ftello (r->file));
+-  text = open_text_record (r, size * count);
++  text = open_text_record (r, size, count);
+   for (;;)
+     {
+       const char *name;
+@@ -909,7 +910,7 @@ read_long_var_name_map (struct sfm_reade
+ 
+   printf ("%08llx: long variable names (short => long)\n",
+           (long long int) ftello (r->file));
+-  text = open_text_record (r, size * count);
++  text = open_text_record (r, size, count);
+   while (read_variable_to_value_pair (text, &var, &long_name))
+     printf ("\t%s => %s\n", var, long_name);
+   close_text_record (text);
+@@ -926,7 +927,7 @@ read_long_string_map (struct sfm_reader
+ 
+   printf ("%08llx: very long strings (variable => length)\n",
+           (long long int) ftello (r->file));
+-  text = open_text_record (r, size * count);
++  text = open_text_record (r, size, count);
+   while (read_variable_to_value_pair (text, &var, &length_s))
+     printf ("\t%s => %d\n", var, atoi (length_s));
+   close_text_record (text);
+@@ -1004,7 +1005,7 @@ read_datafile_attributes (struct sfm_rea
+   struct text_record *text;
+ 
+   printf ("%08llx: datafile attributes\n", (long long int) ftello (r->file));
+-  text = open_text_record (r, size * count);
++  text = open_text_record (r, size, count);
+   read_attributes (r, text, "datafile");
+   close_text_record (text);
+ }
+@@ -1196,7 +1197,7 @@ read_variable_attributes (struct sfm_rea
+   struct text_record *text;
+ 
+   printf ("%08llx: variable attributes\n", (long long int) ftello (r->file));
+-  text = open_text_record (r, size * count);
++  text = open_text_record (r, size, count);
+   for (;;)
+     {
+       const char *variable = text_tokenize (text, ':');
+@@ -1389,18 +1390,23 @@ struct text_record
+     size_t pos;                 /* Current position in buffer. */
+   };
+ 
+-/* Reads SIZE bytes into a text record for R,
++/* Reads SIZE * COUNT bytes into a text record for R,
+    and returns the new text record. */
+ static struct text_record *
+-open_text_record (struct sfm_reader *r, size_t size)
++open_text_record (struct sfm_reader *r, size_t size, size_t count)
+ {
+   struct text_record *text = xmalloc (sizeof *text);
+-  char *buffer = xmalloc (size + 1);
+-  read_bytes (r, buffer, size);
++
++  if (size_overflow_p (xsum (1, xtimes (size, count))))
++    sys_error (r, "Extension record too large.");
++
++  size_t n_bytes = size * count;
++  char *buffer = xmalloc (n_bytes + 1);
++  read_bytes (r, buffer, n_bytes);
+   buffer[size] = '\0';
+   text->reader = r;
+   text->buffer = buffer;
+-  text->size = size;
++  text->size = n_bytes;
+   text->pos = 0;
+   return text;
+ }
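Review bot: In `open_text_record` the terminator is still written at `buffer[size]`, but after this change `size` is the per-element size while the buffer holds `size * count` bytes, so the index no longer marks the end of the data. With `count` greater than 1 the NUL lands inside the record and `buffer[n_bytes]` is never initialised; with `count` equal to 0 and a non-zero `size` the allocation is a single byte and the write falls outside it. Both values appear to come from the extension record header of the file being dumped, so the line should read `buffer[n_bytes] = '\0';`. The `size_overflow_p` check added above guards only the multiplication and the `+ 1`, not this index.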
diff -Nru pspp-1.2.0/debian/patches/series pspp-1.2.0/debian/patches/series
--- pspp-1.2.0/debian/patches/series	2018-11-26 07:50:21.000000000 +0100
+++ pspp-1.2.0/debian/patches/series	2019-04-23 13:59:03.000000000 +0200
@@ -1,3 +1,4 @@
 move_appdata_directory.diff
 emacs_elpa.diff
 regression-segment-fix.patch
+0002-pspp-dump-sav-Issue-error-message-for-too-large-exte.patch

--- End Message ---
--- Begin Message ---
Andreas Tille:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package pspp
> 
> 
>   [ Andreas Tille ]
>   * Team upload.
>   * Take over package into Debian Science team maintenance
> 
>   [ Ben Pfaff ]
>   * Issue error message for too-large extension records. (CVE-2018-20230)
>     Closes: #916902
> 
> 
> unblock pspp/1.2.0-3
> 
> [...]

Unblocked, thanks.
~Niels

--- End Message ---
