Your message dated Wed, 29 May 2019 17:22:00 +0000
with message-id <ef24edb2-82fa-1d0e-62d0-951f384c8f22@thykier.net>
and subject line Re: Bug#929630: unblock: wireshark/2.6.8-1.1
has caused the Debian Bug report #929630,
regarding unblock: wireshark/2.6.8-1.1
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
929630: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929630
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: wireshark/2.6.8-1.1
- From: "Dr. Tobias Quathamer" <toddy@debian.org>
- Date: Mon, 27 May 2019 16:31:06 +0200
- Message-id: <8406e5a5-0a0a-992c-f40b-424c422284b4@debian.org>
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package wireshark. The NMU fixes CVE-2019-12295, reported as Debian bug #929446.

unblock wireshark/2.6.8-1.1

Regards,
Tobias

diff --git a/debian/changelog b/debian/changelog index 4699904b15..dbdda67912 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,14 @@ +wireshark (2.6.8-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * CVE-2019-12295 + In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, + the dissection engine could crash. This was addressed in + epan/packet.c by restricting the number of layers and + consequently limiting recursion. (Closes: #929446) + + -- Dr. Tobias Quathamer <toddy@debian.org> Mon, 27 May 2019 16:08:44 +0200 + wireshark (2.6.8-1) unstable; urgency=medium * New upstream version 2.6.8 diff --git a/debian/patches/CVE-2019-12295.patch b/debian/patches/CVE-2019-12295.patch new file mode 100644 index 0000000000..494c09ee44 --- /dev/null +++ b/debian/patches/CVE-2019-12295.patch 
@@ -0,0 +1,42 @@ +Description: CVE-2019-12295 + In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, + the dissection engine could crash. This was addressed in + epan/packet.c by restricting the number of layers and + consequently limiting recursion. +Origin: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7b6e197da4c497e229ed3ebf6952bae5c426a820 +Bug-Debian: https://bugs.debian.org/929446 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/epan/packet.c ++++ b/epan/packet.c +@@ -725,6 +725,13 @@ + call_dissector_work_error(dissector_handle_t handle, tvbuff_t *tvb, + packet_info *pinfo_arg, proto_tree *tree, void *); + ++/* ++ * XXX packet_info.curr_layer_num is a guint8 and *_MAX_RECURSION_DEPTH is ++ * 100 elsewhere in the code. We should arguably use the same value here, ++ * but using that makes suite_wslua.case_wslua.test_wslua_dissector_fpm fail. ++ */ ++#define PINFO_LAYER_MAX_RECURSION_DEPTH 500 ++ + static int + call_dissector_work(dissector_handle_t handle, tvbuff_t *tvb, packet_info *pinfo_arg, + proto_tree *tree, gboolean add_proto_name, void *data) +@@ -747,6 +754,7 @@ + saved_proto = pinfo->current_proto; + saved_can_desegment = pinfo->can_desegment; + saved_layers_len = wmem_list_count(pinfo->layers); ++ DISSECTOR_ASSERT(saved_layers_len < PINFO_LAYER_MAX_RECURSION_DEPTH); + + /* + * can_desegment is set to 2 by anyone which offers the +@@ -2675,6 +2683,8 @@ + saved_layers_len = wmem_list_count(pinfo->layers); + *heur_dtbl_entry = NULL; + ++ DISSECTOR_ASSERT(saved_layers_len < PINFO_LAYER_MAX_RECURSION_DEPTH); ++ + for (entry = sub_dissectors->dissectors; entry != NULL; + entry = g_slist_next(entry)) { + /* XXX - why set this now and above? */ diff --git a/debian/patches/series b/debian/patches/series index c3ea6754c4..1e3c412166 100644 --- a/debian/patches/series +++ b/debian/patches/series 
@@ -4,3 +4,4 @@ 09_idl2wrs.patch 16_licence_about_location.patch 17_libdir_location.patch +CVE-2019-12295.patch
Attachment: signature.asc
Description: OpenPGP digital signature
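Review bot: In the epan/packet.c hunk at -725, the new comment states that packet_info.curr_layer_num is a guint8, yet PINFO_LAYER_MAX_RECURSION_DEPTH is defined as 500, which is above the 255 a guint8 can hold. The comment should say what happens to curr_layer_num once nesting passes 255 layers, or the limit should be brought inside that range. The XXX also records that 100 makes suite_wslua.case_wslua.test_wslua_dissector_fpm fail without saying how deep that test nests, so 500 reads as arbitrary; one line giving the depth the test needs would let a later reader judge whether the cap can be lowered.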
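Review bot: In the epan/packet.c hunks at -747 and -2675, the depth cap is enforced with DISSECTOR_ASSERT(saved_layers_len < PINFO_LAYER_MAX_RECURSION_DEPTH), and saved_layers_len comes from wmem_list_count(pinfo->layers), so the condition depends on how deeply the dissected packet nests rather than on a programming error. Neither site carries a comment saying that this assertion is the recursion limit for CVE-2019-12295; a short comment at both sites would keep a later cleanup from treating them as ordinary sanity checks and removing or relaxing one of the two. Since the same expression is repeated in two functions, a small shared helper or macro would also keep the sites from drifting apart.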
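Review bot: In the DEP-3 header of debian/patches/CVE-2019-12295.patch, the Origin field gives only the upstream commit URL and does not say whether the change was taken unchanged or adapted to the 2.6.8 tree. DEP-3 allows a category prefix before the URL, such as "upstream, " or "backport, ", and adding it together with a Last-Update field would tell the next uploader whether the hunks can be compared line for line against the referenced commit. The Description and the debian/changelog entry also repeat the same four-line advisory text; the changelog bullet could instead name the patch file being added.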
--- End Message ---
--- Begin Message ---
- To: "Dr. Tobias Quathamer" <toddy@debian.org>, 929630-done@bugs.debian.org
- Subject: Re: Bug#929630: unblock: wireshark/2.6.8-1.1
- From: Niels Thykier <niels@thykier.net>
- Date: Wed, 29 May 2019 17:22:00 +0000
- Message-id: <ef24edb2-82fa-1d0e-62d0-951f384c8f22@thykier.net>
- In-reply-to: <8406e5a5-0a0a-992c-f40b-424c422284b4@debian.org>
- References: <8406e5a5-0a0a-992c-f40b-424c422284b4@debian.org>
Dr. Tobias Quathamer:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
>
> Please unblock package wireshark. The NMU fixes CVE-2019-12295, reported
> as Debian bug #929446.
>
> unblock wireshark/2.6.8-1.1
>
> Regards,
> Tobias
>

Unblocked, thanks.
~Niels
--- End Message ---