
Bug#954404: buster-pu: package lwip/2.0.3-3



Subject: buster-pu: package lwip/2.0.3-3
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: pu
Tags: buster
Severity: normal

Hi,

I fixed CVE-2020-8597 in unstable and testing, and would like to upload the
fix to buster.

Attached is the debdiff.

[1] https://security-tracker.debian.org/tracker/CVE-2020-8597



-- System Information:
Debian Release: 10.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.2.0-0.bpo.3-amd64 (SMP w/8 CPU cores)
Locale: LANG=ca_ES.UTF-8, LC_CTYPE=ca_ES.UTF-8 (charmap=UTF-8),
LANGUAGE=ca_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash




*** /home/jlledom/debdiff.diff
diff -Nru lwip-2.0.3/debian/changelog lwip-2.0.3/debian/changelog
--- lwip-2.0.3/debian/changelog	2018-11-04 00:25:58.000000000 +0100
+++ lwip-2.0.3/debian/changelog	2020-03-21 09:02:20.000000000 +0100
@@ -1,3 +1,9 @@
+lwip (2.0.3-3+deb10u1) buster; urgency=high
+
+  * Fix CVE-2020-8597
+
+ -- Joan Lledó <jlledom@member.fsf.org>  Sat, 21 Mar 2020 09:02:20 +0100
+
 lwip (2.0.3-3) unstable; urgency=medium

   [ Samuel Thibault ]
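Review bot: the new changelog stanza at the top of the hunk says only "Fix CVE-2020-8597"; a stable-update entry should state what the issue is and where it lives, so the release team and users can see the change without opening the patch. Suggested wording for that line: `  * Fix CVE-2020-8597: wrong length check before copying the EAP peer name into rhostname in src/netif/ppp/eap.c (new patch debian/patches/CVE-2020-8597).`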
diff -Nru lwip-2.0.3/debian/patches/CVE-2020-8597 lwip-2.0.3/debian/patches/CVE-2020-8597
--- lwip-2.0.3/debian/patches/CVE-2020-8597	1970-01-01 01:00:00.000000000 +0100
+++ lwip-2.0.3/debian/patches/CVE-2020-8597	2020-03-14 10:00:49.000000000 +0100
@@ -0,0 +1,20 @@
+--- a/src/netif/ppp/eap.c
++++ b/src/netif/ppp/eap.c
+@@ -1417,7 +1417,7 @@
+ 		}
+
+ 		/* Not so likely to happen. */
+-		if (vallen >= len + sizeof (rhostname)) {
++		if (len - vallen >= (int)sizeof (rhostname)) {
+ 			ppp_dbglog("EAP: trimming really long peer name down");
+ 			MEMCPY(rhostname, inp + vallen, sizeof (rhostname) - 1);
+ 			rhostname[sizeof (rhostname) - 1] = '\0';
+@@ -1845,7 +1845,7 @@
+ 		}
+
+ 		/* Not so likely to happen. */
+-		if (vallen >= len + sizeof (rhostname)) {
++		if (len - vallen >= (int)sizeof (rhostname)) {
+ 			ppp_dbglog("EAP: trimming really long peer name down");
+ 			MEMCPY(rhostname, inp + vallen, sizeof (rhostname) - 1);
+ 			rhostname[sizeof (rhostname) - 1] = '\0';
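Review bot: the new patch file has no DEP-3 header and starts directly at `--- a/src/netif/ppp/eap.c`; add at least `Description:`, `Origin:` (the upstream commit the two hunks are taken from) and a `Bug-Debian:` or CVE reference so the provenance of the change is recorded in the package. On the change itself, both hunks (at 1417 and 1845) replace `if (vallen >= len + sizeof (rhostname))` with `if (len - vallen >= (int)sizeof (rhostname))`, which is the test the "trimming really long peer name" comment describes: the copy reads from `inp + vallen`, so the name still to be copied is `len - vallen` bytes, and that is what must be compared against the buffer size; the old expression compared the offset against `len` plus the buffer size and would not fire for an over-long name. The new form is a signed subtraction, so it relies on `len >= vallen` having been established earlier in each function; that guard lies outside the hunk's context lines and is worth confirming at both call sites before upload.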
diff -Nru lwip-2.0.3/debian/patches/series lwip-2.0.3/debian/patches/series
--- lwip-2.0.3/debian/patches/series	2018-08-30 10:47:30.000000000 +0200
+++ lwip-2.0.3/debian/patches/series	2020-03-14 10:02:04.000000000 +0100
@@ -1,3 +1,4 @@
+CVE-2020-8597
 port
 posix
 errno

