--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: buster-pu: package gdnsd/2.4.3-1
- From: Faidon Liambotis <paravoid@debian.org>
- Date: Fri, 12 Feb 2021 02:15:29 +0200
- Message-id: <20210212001525.GA349412@tty.gr>
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
Hi there,
This is a buster proposed update to fix CVE-2019-13952 aka #932407. This
is an old and really minor vulnerability, which I honestly had forgotten
about. It's easy and thus still good to fix.
I've packaged this as 2.4.3-1 (from 2.4.2-1). While technically a new
upstream release, it was released solely to contain this (two-line) fix,
with no other changes, as you can also see below. 2.4.3-1 never existed
in unstable either (it went to 3.5.0-1 directly), so it should be safe
for upgrades as well. Hope that's OK!
Diff below. Thank you for your consideration!
Regards,
Faidon
diff --git a/NEWS b/NEWS
index 152edad..33019fb 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,8 @@
+2.4.3 - 2019-07-19
+ * Fix CVE-2019-13952: IPv6 addresses in local zone file data which are
+ longer than the maximum legitimate IPv6 address cause a stack buffer
+ overflow and crash.
+
2.4.2 - 2019-02-11
* FreeBSD: Fix EADDRNOTAVAIL issue for IPv6 sockets when the listening IP
is bound to the loopback and traffic is routed indirectly, by resetting
diff --git a/configure.ac b/configure.ac
index 3ce9ee8..539ddec 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
AC_PREREQ([2.63])
-AC_INIT([gdnsd],[2.4.2],[https://github.com/gdnsd/gdnsd/issues])
+AC_INIT([gdnsd],[2.4.3],[https://github.com/gdnsd/gdnsd/issues])
AC_CONFIG_SRCDIR([src/main.c])
AC_CONFIG_AUX_DIR([acaux])
AM_INIT_AUTOMAKE([1.11.1 dist-xz no-dist-gzip foreign tar-ustar subdir-objects -Wall])
diff --git a/debian/changelog b/debian/changelog
index e4ec3c9..6cb188f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+gdnsd (2.4.3-1) buster; urgency=medium
+
+ * Fix CVE-2019-13952: IPv6 addresses in local zone file data which are
+ longer than the maximum legitimate IPv6 address cause a stack buffer
+ overflow and crash. (Closes: #932407)
+
+ -- Faidon Liambotis <paravoid@debian.org> Thu, 11 Feb 2021 23:58:20 +0200
+
gdnsd (2.4.2-1) unstable; urgency=medium
* New upstream point release.
diff --git a/debian/gbp.conf b/debian/gbp.conf
index 81b6d6d..e4bff86 100644
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@@ -1,6 +1,6 @@
[DEFAULT]
upstream-tree=tag
-debian-branch=debian
+debian-branch=debian/buster
upstream-tag = v%(version)s
no-create-orig = True
compression = xz
diff --git a/src/zscan_rfc1035.rl b/src/zscan_rfc1035.rl
index ad230c6..7be5ee5 100644
--- a/src/zscan_rfc1035.rl
+++ b/src/zscan_rfc1035.rl
@@ -111,6 +111,8 @@ F_NONNULL
static void set_ipv6(zscan_t* z, const char* end) {
char txt[INET6_ADDRSTRLEN + 1];
unsigned len = end - z->tstart;
+ if (len > INET6_ADDRSTRLEN)
+ parse_error_noargs("IPv6 address unparseable (too long)");
memcpy(txt, z->tstart, len);
txt[len] = 0;
z->tstart = NULL;
--- End Message ---