
Bug#931042: marked as done (unblock: bzip2/1.0.6-9.1)



Your message dated Tue, 25 Jun 2019 17:34:15 +0000
with message-id <E1hfpKh-0004uD-KG@respighi.debian.org>
and subject line unblock bzip2
has caused the Debian Bug report #931042,
regarding unblock: bzip2/1.0.6-9.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
931042: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931042
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi,

Please unblock package bzip2, it fixes CVE-2019-12900 (tracked as
#930886) in the BTS itself.

> bzip2 (1.0.6-9.1) unstable; urgency=high
> 
>   * Non-maintainer upload.
>   * Make sure nSelectors is not out of range (CVE-2019-12900)
>     (Closes: #930886)

AFAICS autopkgtest runs are still running, so we might want to wait
for the results before a possible unblock?

unblock bzip2/1.0.6-9.1

Regards,
Salvatore
diff -Nru bzip2-1.0.6/debian/changelog bzip2-1.0.6/debian/changelog
--- bzip2-1.0.6/debian/changelog	2018-08-14 21:28:22.000000000 +0200
+++ bzip2-1.0.6/debian/changelog	2019-06-24 22:15:37.000000000 +0200
@@ -1,3 +1,11 @@
+bzip2 (1.0.6-9.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Make sure nSelectors is not out of range (CVE-2019-12900)
+    (Closes: #930886)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Mon, 24 Jun 2019 22:15:37 +0200
+
 bzip2 (1.0.6-9) unstable; urgency=medium
 
   [ Santiago Ruano Rincón ]
diff -Nru bzip2-1.0.6/debian/patches/Make-sure-nSelectors-is-not-out-of-range.patch bzip2-1.0.6/debian/patches/Make-sure-nSelectors-is-not-out-of-range.patch
--- bzip2-1.0.6/debian/patches/Make-sure-nSelectors-is-not-out-of-range.patch	1970-01-01 01:00:00.000000000 +0100
+++ bzip2-1.0.6/debian/patches/Make-sure-nSelectors-is-not-out-of-range.patch	2019-06-24 22:15:37.000000000 +0200
@@ -0,0 +1,34 @@
+From: Albert Astals Cid <aacid@kde.org>
+Date: Tue, 28 May 2019 19:35:18 +0200
+Subject: Make sure nSelectors is not out of range
+Origin: https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-12900
+Bug-Debian: https://bugs.debian.org/930886
+
+nSelectors is used in a loop from 0 to nSelectors to access selectorMtf
+which is
+	UChar    selectorMtf[BZ_MAX_SELECTORS];
+so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory
+access
+
+Fixes out of bounds access discovered while fuzzying karchive
+---
+ decompress.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/decompress.c b/decompress.c
+index ab6a624db17a..f3db91d14f6e 100644
+--- a/decompress.c
++++ b/decompress.c
+@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s )
+       GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
+       if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
+       GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
+-      if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
++      if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR);
+       for (i = 0; i < nSelectors; i++) {
+          j = 0;
+          while (True) {
+-- 
+2.20.1
+
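Review bot: The upper bound added to the nSelectors check in decompress.c makes any stream that declares more than BZ_MAX_SELECTORS selectors fail with BZ_DATA_ERROR, and nothing in this upload exercises either side of that limit. GET_BITS reads the count from a 15-bit field, so a declared value can reach 32767 while selectorMtf holds only BZ_MAX_SELECTORS entries; placing the check before the `for (i = 0; i < nSelectors; i++)` loop is right. I would add a small regression input with an over-limit selector count to the package tests, and use the pending autopkgtest runs to confirm that existing archives still decompress, because a hard reject changes which files decode.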
diff -Nru bzip2-1.0.6/debian/patches/series bzip2-1.0.6/debian/patches/series
--- bzip2-1.0.6/debian/patches/series	2018-08-13 13:29:27.000000000 +0200
+++ bzip2-1.0.6/debian/patches/series	2019-06-24 22:15:37.000000000 +0200
@@ -7,3 +7,4 @@
 bzip2recover-CVE-2016-3189.patch
 bzdiff-tmpdir-spaces.diff
 40-bzdiff-l.patch
+Make-sure-nSelectors-is-not-out-of-range.patch
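Review bot: The new entry in debian/patches/series does not carry the CVE id in its file name, unlike bzip2recover-CVE-2016-3189.patch three lines above it. Consider a name that includes CVE-2019-12900 so the fix can be found by grepping the series file; the id currently appears only in the patch header and the changelog.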

--- End Message ---
--- Begin Message ---
Unblocked bzip2.

--- End Message ---
