Your message dated Sat, 27 Mar 2021 10:26:45 +0000 with message-id <702e3cb8159c9986264e966af79023672688a8a4.camel@adam-barratt.org.uk> and subject line Closing p-u requests for fixes included in 10.9 point release has caused the Debian Bug report #983051, regarding buster-pu: package xterm/344-1+deb10u1 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
983051: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983051
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: buster-pu: package xterm/344-1+deb10u1
- From: Sven Joachim <svenjoac@gmx.de>
- Date: Thu, 18 Feb 2021 17:54:16 +0100
- Message-id: <87o8gh71vr.fsf@turtle.gmx.de>
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: Salvatore Bonaccorso <carnil@debian.org>, Julien Cristau <jcristau@debian.org>, Sven Joachim <svenjoac@gmx.de>

I would like to fix bug #982439/CVE-2021-27135[1] in Buster, a potential DoS against xterm when the user selects specially crafted text. The fix is already in testing and applies unmodified to the version in Buster, the code in question had not seen any changes since then. The xterm package in Stretch-LTS has also already been patched.

At [2] there is the upstream source of the patch.

Thanks for considering.

1. https://bugs.debian.org/982439
2. https://github.com/ThomasDickey/xterm-snapshots/commit/82ba55b8f994ab30ff561a347b82ea340ba7075c#diff-1316a8dc8f904428cd95f29accdea9fff33e680f9f30216391d8df33d2f9f806

diff -Nru xterm-344/debian/changelog xterm-344/debian/changelog --- xterm-344/debian/changelog 2019-02-14 18:04:18.000000000 +0100 +++ xterm-344/debian/changelog 2021-02-18 17:39:44.000000000 +0100 @@ -1,3 +1,11 @@ +xterm (344-1+deb10u1) buster; urgency=medium + + * Apply upstream fix from xterm 365d for CVE-2021-27135. + - Correct upper-limit for selection buffer, accounting for combining + characters (Closes: #982439). + + -- Sven Joachim <svenjoac@gmx.de> Thu, 18 Feb 2021 17:39:44 +0100 + xterm (344-1) unstable; urgency=medium * New upstream release. diff -Nru xterm-344/debian/patches/CVE-2021-27135.diff xterm-344/debian/patches/CVE-2021-27135.diff --- xterm-344/debian/patches/CVE-2021-27135.diff 1970-01-01 01:00:00.000000000 +0100 +++ xterm-344/debian/patches/CVE-2021-27135.diff 2021-02-17 19:28:55.000000000 +0100 
@@ -0,0 +1,55 @@ +Description: Fix for CVE-2021-27135 from xterm 365d + Correct upper-limit for selection buffer, accounting for + combining characters (report by Tavis Ormandy). + +--- + button.c | 23 +++++++++++++++++++---- + 1 file changed, 19 insertions(+), 4 deletions(-) + +--- a/button.c ++++ b/button.c +@@ -3914,6 +3914,7 @@ SaltTextAway(XtermWidget xw, + int i; + int eol; + int need = 0; ++ size_t have = 0; + Char *line; + Char *lp; + CELL first = *cellc; +@@ -3948,7 +3949,11 @@ SaltTextAway(XtermWidget xw, + + /* UTF-8 may require more space */ + if_OPT_WIDE_CHARS(screen, { +- need *= 4; ++ if (need > 0) { ++ if (screen->max_combining > 0) ++ need += screen->max_combining; ++ need *= 6; ++ } + }); + + /* now get some memory to save it in */ +@@ -3986,10 +3991,20 @@ SaltTextAway(XtermWidget xw, + } + *lp = '\0'; /* make sure we have end marked */ + +- TRACE(("Salted TEXT:%u:%s\n", (unsigned) (lp - line), +- visibleChars(line, (unsigned) (lp - line)))); ++ have = (size_t) (lp - line); ++ /* ++ * Scanning the buffer twice is unnecessary. Discard unwanted memory if ++ * the estimate is too-far off. ++ */ ++ if ((have * 2) < (size_t) need) { ++ scp->data_limit = have + 1; ++ line = realloc(line, scp->data_limit); ++ } ++ ++ TRACE(("Salted TEXT:%u:%s\n", (unsigned) have, ++ visibleChars(line, (unsigned) have))); + +- scp->data_length = (size_t) (lp - line); ++ scp->data_length = have; + } + + #if OPT_PASTE64 diff -Nru xterm-344/debian/patches/series xterm-344/debian/patches/series --- xterm-344/debian/patches/series 2019-02-13 17:54:29.000000000 +0100 +++ xterm-344/debian/patches/series 2021-02-17 18:51:05.000000000 +0100 @@ -1,3 +1,4 @@ 900_debian_xterm.diff 902_windowops.diff 904_fontops.diff +CVE-2021-27135.diffAttachment: signature.asc
Description: PGP signature
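Review bot: In the button.c hunk at @@ -3948,7 +3949,11 @@, `need` stays a signed `int` (see `int need = 0;` in the first hunk) while its scaling grows from `need *= 4` to `need += screen->max_combining; need *= 6;`, with no range check before the multiplication. Since this value sizes the selection buffer, consider doing the arithmetic in `size_t` with an explicit overflow check, and add a short comment explaining why adding `max_combining` once to the total, rather than per cell, is a sufficient upper bound; the existing "UTF-8 may require more space" comment does not say.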
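Review bot: In the last button.c hunk (@@ -3986,10 +3991,20 @@), the result of `realloc(line, scp->data_limit)` is assigned straight back to the local `line` without a NULL check. If the call fails, the original block is leaked and `line` is NULL when it reaches `visibleChars(line, (unsigned) have)` in the TRACE, while `scp->data_limit` has already been lowered to `have + 1`. The visible lines also do not store the returned pointer anywhere in `scp`; if the selection structure kept a copy of the earlier `line` pointer (that assignment is outside this hunk), a realloc that moves the block would leave it dangling. Suggest reallocating into a temporary, handling failure explicitly, and writing the new pointer back to wherever `scp` holds the buffer.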
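Review bot: The header of debian/patches/CVE-2021-27135.diff carries only a `Description:` field, so the patch file itself does not record where the change came from. The upstream commit URL and the Debian bug number appear only in the covering mail and the changelog; adding them to the patch header (for example as `Origin:` and `Bug-Debian:` fields) would let someone auditing the package trace the fix without the mail archive.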
--- End Message ---
--- Begin Message ---
- To: 981453-done@bugs.debian.org, 981664-done@bugs.debian.org, 982002-done@bugs.debian.org, 982311-done@bugs.debian.org, 982571-done@bugs.debian.org, 982669-done@bugs.debian.org, 982796-done@bugs.debian.org, 983051-done@bugs.debian.org, 983113-done@bugs.debian.org, 983134-done@bugs.debian.org, 983485-done@bugs.debian.org, 983527-done@bugs.debian.org, 983918-done@bugs.debian.org, 984790-done@bugs.debian.org, 984886-done@bugs.debian.org, 984896-done@bugs.debian.org, 984899-done@bugs.debian.org, 985115-done@bugs.debian.org, 985359-done@bugs.debian.org, 985371-done@bugs.debian.org, 985450-done@bugs.debian.org, 985466-done@bugs.debian.org, 985472-done@bugs.debian.org, 985545-done@bugs.debian.org, 985609-done@bugs.debian.org, 985624-done@bugs.debian.org
- Subject: Closing p-u requests for fixes included in 10.9 point release
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sat, 27 Mar 2021 10:26:45 +0000
- Message-id: <702e3cb8159c9986264e966af79023672688a8a4.camel@adam-barratt.org.uk>
Package: release.debian.org
Version: 10.9

Hi,

Each of the updates referenced in these bugs was included in the 10.9 point release today.

Regards,

Adam
--- End Message ---