
Bug#970655: buster-pu: package sleuthkit/4.6.5-1+deb10u1



Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

Dear Release Team,

I would like to update sleuthkit in buster to prevent a stack buffer
overflow in yaffsfs_istat, because during a review of the Debian Security
Tracker I found CVE-2020-10232.

There is no DSA assigned to the bug and it was marked "no-dsa", so I'm doing
a normal upload.


"This is potentially exploitable by an attacker creating a file in a yaffs
image with abnormally large time values", as reported in:
https://github.com/sleuthkit/sleuthkit/pull/1836

Vulnerable code follows:

tsk/fs/yaffs.cpp line 2442:
    char timeBuf[32];

This vulnerability has been assigned the CVE id CVE-2020-10232.

Upstream fixed the bug at:
https://github.com/sleuthkit/sleuthkit/pull/1836/commits/459ae818fc8dae717549810150de4d191ce158f1

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10232
[1] https://security-tracker.debian.org/tracker/CVE-2020-10232
[2] https://bugs.debian.org/953976

Sincerely,
Francisco


diff -Nru sleuthkit-4.6.5/debian/changelog sleuthkit-4.6.5/debian/changelog
--- sleuthkit-4.6.5/debian/changelog	2019-01-22 11:53:42.000000000 +0000
+++ sleuthkit-4.6.5/debian/changelog	2020-09-16 23:47:07.000000000 +0000
@@ -1,3 +1,11 @@
+sleuthkit (4.6.5-1+deb10u1) buster; urgency=high
+
+  * Team upload.
+  * Add patch to fix stack buffer overflow in yaffsfs_istat.
+    (Closes: #953976, CVE-2020-10232)
+
+ -- Francisco Vilmar Cardoso Ruviaro <francisco.ruviaro@riseup.net>  Wed, 16
Sep 2020 23:47:07 +0000
+
 sleuthkit (4.6.5-1) unstable; urgency=medium

   * Team upload
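
Review bot: the new entry puts the CVE id inside the bug-closing list, "(Closes: #953976, CVE-2020-10232)", which is meant for Debian bug numbers only. Keeping them apart, for example "(Closes: #953976) (CVE-2020-10232)", avoids any ambiguity for tools and readers that parse the Closes field. The entry also uses urgency=high while the cover text describes a no-dsa issue going through a normal upload; urgency=medium would match that description better.
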
diff -Nru sleuthkit-4.6.5/debian/patches/CVE-2020-10232.patch
sleuthkit-4.6.5/debian/patches/CVE-2020-10232.patch
--- sleuthkit-4.6.5/debian/patches/CVE-2020-10232.patch	1970-01-01
00:00:00.000000000 +0000
+++ sleuthkit-4.6.5/debian/patches/CVE-2020-10232.patch	2020-09-16
23:47:07.000000000 +0000
@@ -0,0 +1,21 @@
+Description: Fix stack buffer overflow in yaffsfs_istat.
+ Prevent a stack buffer overflow in yaffsfs_istat by increasing
+ the buffer size to the size required by tsk_fs_time_to_str.
+Author: micrictor <mic.ric.tor@gmail.com>
+Origin:
https://github.com/sleuthkit/sleuthkit/commit/459ae818fc8dae717549810150de4d191ce158f1
+Bug: https://github.com/sleuthkit/sleuthkit/pull/1836
+Forwarded: not-needed
+Reviewed-By: Francisco Vilmar Cardoso Ruviaro <francisco.ruviaro@riseup.net>
+Last-Update: 2020-08-28
+
+--- sleuthkit-4.6.5.orig/tsk/fs/yaffs.cpp
++++ sleuthkit-4.6.5/tsk/fs/yaffs.cpp
+@@ -2439,7 +2439,7 @@ static uint8_t
+     YAFFSFS_INFO *yfs = (YAFFSFS_INFO *)fs;
+     char ls[12];
+     YAFFSFS_PRINT_ADDR print;
+-    char timeBuf[32];
++    char timeBuf[128];
+     YaffsCacheObject * obj = NULL;
+     YaffsCacheVersion * version = NULL;
+     YaffsHeader * header = NULL;
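
Review bot: the replacement declaration "char timeBuf[128];" hard-codes the size that the patch description attributes to tsk_fs_time_to_str, so caller and formatter can drift apart again if the formatter's requirement ever changes. A named constant shared with the formatter, or at least a comment on the declaration stating that 128 is the size tsk_fs_time_to_str expects, would make that dependency visible. The hunk shows only the declaration, so it is also worth confirming in the full file that every use of timeBuf in this function goes through that formatter and that no other fixed-size time buffer in yaffs.cpp still uses the old size. Minor: the header's Last-Update (2020-08-28) predates the changelog date of the upload (2020-09-16).
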
diff -Nru sleuthkit-4.6.5/debian/patches/series
sleuthkit-4.6.5/debian/patches/series
--- sleuthkit-4.6.5/debian/patches/series	2019-01-22 11:52:14.000000000 +0000
+++ sleuthkit-4.6.5/debian/patches/series	2020-09-16 23:47:07.000000000 +0000
@@ -3,4 +3,4 @@
 50_disable-ant-clean.patch
 60_fix-FTBFS-HURD.patch
 0005-Disable-test_libraries.sh.patch
-
+CVE-2020-10232.patch


-- 
Francisco Vilmar Cardoso Ruviaro <francisco.ruviaro@riseup.net>
4096R: 1B8C F656 EF3B 8447 2F48 F0E7 82FB F706 0B2F 7D00

