--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi,

Please unblock package bzip2, it fixes CVE-2019-12900 (tracked as
#930886) in the BTS itself.

> bzip2 (1.0.6-9.1) unstable; urgency=high
>
> * Non-maintainer upload.
> * Make sure nSelectors is not out of range (CVE-2019-12900)
> (Closes: #930886)

AFAICS autopkgtest runs are still running, so we might want to wait
for the results before a possible unblock?

unblock bzip2/1.0.6-9.1

Regards,
Salvatore

diff -Nru bzip2-1.0.6/debian/changelog bzip2-1.0.6/debian/changelog
--- bzip2-1.0.6/debian/changelog 2018-08-14 21:28:22.000000000 +0200
+++ bzip2-1.0.6/debian/changelog 2019-06-24 22:15:37.000000000 +0200
@@ -1,3 +1,11 @@
+bzip2 (1.0.6-9.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Make sure nSelectors is not out of range (CVE-2019-12900)
+ (Closes: #930886)
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Mon, 24 Jun 2019 22:15:37 +0200
+
bzip2 (1.0.6-9) unstable; urgency=medium
[ Santiago Ruano Rincón ]
diff -Nru bzip2-1.0.6/debian/patches/Make-sure-nSelectors-is-not-out-of-range.patch bzip2-1.0.6/debian/patches/Make-sure-nSelectors-is-not-out-of-range.patch
--- bzip2-1.0.6/debian/patches/Make-sure-nSelectors-is-not-out-of-range.patch 1970-01-01 01:00:00.000000000 +0100
+++ bzip2-1.0.6/debian/patches/Make-sure-nSelectors-is-not-out-of-range.patch 2019-06-24 22:15:37.000000000 +0200
@@ -0,0 +1,34 @@
+From: Albert Astals Cid <aacid@kde.org>
+Date: Tue, 28 May 2019 19:35:18 +0200
+Subject: Make sure nSelectors is not out of range
+Origin: https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-12900
+Bug-Debian: https://bugs.debian.org/930886
+
+nSelectors is used in a loop from 0 to nSelectors to access selectorMtf
+which is
+ UChar selectorMtf[BZ_MAX_SELECTORS];
+so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory
+access
+
+Fixes out of bounds access discovered while fuzzying karchive
+---
+ decompress.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/decompress.c b/decompress.c
+index ab6a624db17a..f3db91d14f6e 100644
+--- a/decompress.c
++++ b/decompress.c
+@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s )
+ GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
+ if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
+ GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
+- if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
++ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR);
+ for (i = 0; i < nSelectors; i++) {
+ j = 0;
+ while (True) {
+--
+2.20.1
+
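Review bot: The new upper bound on the `if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS)` line in the decompress.c hunk comes with no regression input, and the patch description justifies it only by `selectorMtf`. The bound itself is right for the loop shown: `nSelectors` is taken from the input with `GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15)`, and with `i < nSelectors` the highest index after the check is BZ_MAX_SELECTORS - 1, which is inside `UChar selectorMtf[BZ_MAX_SELECTORS]`. Two suggestions: add a small crafted .bz2 whose selector count exceeds the limit to the package's autopkgtest so the BZ_DATA_ERROR path stays covered, and say in the patch header whether any other buffer in BZ2_decompress that is indexed up to nSelectors was checked against the same limit, since only the first loop is visible in this context.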
diff -Nru bzip2-1.0.6/debian/patches/series bzip2-1.0.6/debian/patches/series
--- bzip2-1.0.6/debian/patches/series 2018-08-13 13:29:27.000000000 +0200
+++ bzip2-1.0.6/debian/patches/series 2019-06-24 22:15:37.000000000 +0200
@@ -7,3 +7,4 @@
bzip2recover-CVE-2016-3189.patch
bzdiff-tmpdir-spaces.diff
40-bzdiff-l.patch
+Make-sure-nSelectors-is-not-out-of-range.patch
--- End Message ---