[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#922385: marked as done (stretch-pu: package gsoap/2.8.35-4+deb9u2)

Your message dated Sat, 07 Sep 2019 14:37:11 +0100
with message-id <17351b82f829eb6917f78885cb849c4060b0a4a6.camel@adam-barratt.org.uk>
and subject line Closing bugs for fixes included in 9.10 point release
has caused the Debian Bug report #922385,
regarding stretch-pu: package gsoap/2.8.35-4+deb9u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
922385: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922385
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

This is a proposal to fix CVE-2019-7659 in stretch.

The update also addresses one additional advisory published by the
upstream developers.

debdiff is attached.

gsoap (2.8.35-4+deb9u2) stretch; urgency=medium

  * Fix for CVE-2019-7659
    Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a
    denial of service (application abort) or possibly have unspecified other
    impact if a server application is built with the -DWITH_COOKIES flag. This
    affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++
    libraries, as these are built with that flag.
  * Fix issue with DIME protocol receiver and malformed DIME headers
    This patch addresses a critical issue with the DIME protocol receiver that
    may cause the receiver to become unresponsive when a malformed DIME
    protocol message is received. -- https://www.genivia.com/advisory.html

	Mattias Ellert


diff -Nru gsoap-2.8.35/debian/changelog gsoap-2.8.35/debian/changelog
--- gsoap-2.8.35/debian/changelog	2017-08-16 11:58:11.000000000 +0200
+++ gsoap-2.8.35/debian/changelog	2019-02-14 17:12:12.000000000 +0100
@@ -1,3 +1,18 @@
+gsoap (2.8.35-4+deb9u2) stretch; urgency=medium
+
+  * Fix for CVE-2019-7659
+    Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a
+    denial of service (application abort) or possibly have unspecified other
+    impact if a server application is built with the -DWITH_COOKIES flag. This
+    affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++
+    libraries, as these are built with that flag.
+  * Fix issue with DIME protocol receiver and malformed DIME headers
+    This patch addresses a critical issue with the DIME protocol receiver that
+    may cause the receiver to become unresponsive when a malformed DIME
+    protocol message is received. -- https://www.genivia.com/advisory.html
+
+ -- Mattias Ellert <mattias.ellert@physics.uu.se>  Thu, 14 Feb 2019 17:12:12 +0100
+
 gsoap (2.8.35-4+deb9u1) stretch; urgency=medium
 
   * Fix for CVE-2017-9765
diff -Nru gsoap-2.8.35/debian/patches/gsoap-CVE-2019-7659.patch gsoap-2.8.35/debian/patches/gsoap-CVE-2019-7659.patch
--- gsoap-2.8.35/debian/patches/gsoap-CVE-2019-7659.patch	1970-01-01 01:00:00.000000000 +0100
+++ gsoap-2.8.35/debian/patches/gsoap-CVE-2019-7659.patch	2019-02-14 17:12:12.000000000 +0100
@@ -0,0 +1,50 @@
+diff -ur gsoap-2.8.35.orig/gsoap/stdsoap2.c gsoap-2.8.35/gsoap/stdsoap2.c
+--- gsoap-2.8.35.orig/gsoap/stdsoap2.c	2016-09-18 10:56:10.000000000 +0200
++++ gsoap-2.8.35/gsoap/stdsoap2.c	2019-02-13 17:21:44.188000000 +0100
+@@ -7037,11 +7037,12 @@
+ 
+ #ifndef PALM_1
+ SOAP_FMAC1
+-size_t
++int
+ SOAP_FMAC2
+-soap_encode_url(const char *s, char *t, size_t len)
++soap_encode_url(const char *s, char *t, int len)
+ { int c;
+-  size_t n = len;
++  int n = len;
++  if (n <= 0) return 0;
+   while ((c = *s++) && --n > 0)
+   { if (c > ' ' && c < 128 && !strchr("()<>@,;:\\\"/[]?={}#!$&'*+", c))
+       *t++ = c;
+diff -ur gsoap-2.8.35.orig/gsoap/stdsoap2.cpp gsoap-2.8.35/gsoap/stdsoap2.cpp
+--- gsoap-2.8.35.orig/gsoap/stdsoap2.cpp	2016-09-18 10:56:10.000000000 +0200
++++ gsoap-2.8.35/gsoap/stdsoap2.cpp	2019-02-13 17:21:44.188000000 +0100
+@@ -7037,11 +7037,12 @@
+ 
+ #ifndef PALM_1
+ SOAP_FMAC1
+-size_t
++int
+ SOAP_FMAC2
+-soap_encode_url(const char *s, char *t, size_t len)
++soap_encode_url(const char *s, char *t, int len)
+ { int c;
+-  size_t n = len;
++  int n = len;
++  if (n <= 0) return 0;
+   while ((c = *s++) && --n > 0)
+   { if (c > ' ' && c < 128 && !strchr("()<>@,;:\\\"/[]?={}#!$&'*+", c))
+       *t++ = c;
+diff -ur gsoap-2.8.35.orig/gsoap/stdsoap2.h gsoap-2.8.35/gsoap/stdsoap2.h
+--- gsoap-2.8.35.orig/gsoap/stdsoap2.h	2016-09-18 10:56:10.000000000 +0200
++++ gsoap-2.8.35/gsoap/stdsoap2.h	2019-02-13 17:19:31.088000000 +0100
+@@ -3380,7 +3380,7 @@
+ SOAP_FMAC1 const char* SOAP_FMAC2 soap_extend_url(struct soap *soap, const char*, const char*);
+ SOAP_FMAC1 const char* SOAP_FMAC2 soap_extend_url_query(struct soap *soap, const char*, const char*);
+ SOAP_FMAC1 void SOAP_FMAC2 soap_url_query(struct soap *soap, const char*, const char*);
+-SOAP_FMAC1 size_t SOAP_FMAC2 soap_encode_url(const char*, char*, size_t);
++SOAP_FMAC1 int SOAP_FMAC2 soap_encode_url(const char*, char*, int);
+ SOAP_FMAC1 const char* SOAP_FMAC2 soap_encode_url_string(struct soap*, const char*);
+ #ifdef WITH_COOKIES
+ SOAP_FMAC1 void SOAP_FMAC2 soap_getcookies(struct soap *soap, const char *val);
diff -Nru gsoap-2.8.35/debian/patches/gsoap-malformed-DIME.patch gsoap-2.8.35/debian/patches/gsoap-malformed-DIME.patch
--- gsoap-2.8.35/debian/patches/gsoap-malformed-DIME.patch	1970-01-01 01:00:00.000000000 +0100
+++ gsoap-2.8.35/debian/patches/gsoap-malformed-DIME.patch	2019-02-13 17:12:41.000000000 +0100
@@ -0,0 +1,22 @@
+diff -ur gsoap-2.8.orig/gsoap/stdsoap2.c gsoap-2.8/gsoap/stdsoap2.c
+--- gsoap-2.8.orig/gsoap/stdsoap2.c	2017-07-11 03:51:16.000000000 +0200
++++ gsoap-2.8/gsoap/stdsoap2.c	2018-04-18 16:09:06.340071192 +0200
+@@ -16965,7 +16965,6 @@
+       return soap->error = SOAP_CHK_EOF;
+     soap_unget(soap, soap_getchar(soap)); /* skip padding and get hdr */
+     DBGLOG(TEST, SOAP_MESSAGE(fdebug, "... From chunked\n"));
+-    return SOAP_OK;
+   }
+   s = (char*)tmp;
+   for (i = 12; i > 0; i--)
+diff -ur gsoap-2.8.orig/gsoap/stdsoap2.cpp gsoap-2.8/gsoap/stdsoap2.cpp
+--- gsoap-2.8.orig/gsoap/stdsoap2.cpp	2017-07-11 03:51:16.000000000 +0200
++++ gsoap-2.8/gsoap/stdsoap2.cpp	2018-04-18 16:09:06.340071192 +0200
+@@ -16965,7 +16965,6 @@
+       return soap->error = SOAP_CHK_EOF;
+     soap_unget(soap, soap_getchar(soap)); /* skip padding and get hdr */
+     DBGLOG(TEST, SOAP_MESSAGE(fdebug, "... From chunked\n"));
+-    return SOAP_OK;
+   }
+   s = (char*)tmp;
+   for (i = 12; i > 0; i--)
diff -Nru gsoap-2.8.35/debian/patches/series gsoap-2.8.35/debian/patches/series
--- gsoap-2.8.35/debian/patches/series	2017-08-16 11:57:36.000000000 +0200
+++ gsoap-2.8.35/debian/patches/series	2019-02-14 17:12:12.000000000 +0100
@@ -13,3 +13,9 @@
 
 # CVE-2017-9765
 gsoap-CVE-2017-9765.patch
+
+# Fix issue with DIME protocol receiver and malformed DIME headers
+gsoap-malformed-DIME.patch
+
+# CVE-2019-7659
+gsoap-CVE-2019-7659.patch

Attachment: signature.asc
Description: This is a digitally signed message part


--- End Message ---
--- Begin Message --- 
Version: 9.10

Hi,

The fixes referenced by each of these bugs were included in today's
stretch point release (9.10).

Regards,

Adam

--- End Message ---
Reply to: