
Bug#1007909: marked as done (bullseye-pu: package mujs/1.1.0-1+deb11u1)



Your message dated Sat, 26 Mar 2022 11:59:13 +0000
with message-id <c4d20274f6d76a43fb574d2177f6e3af4235e4be.camel@adam-barratt.org.uk>
and subject line Closing p-u requests for updates in 11.3
has caused the Debian Bug report #1007909,
regarding bullseye-pu: package mujs/1.1.0-1+deb11u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1007909: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007909
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu

[ Reason ]
mujs is affected by CVE-2021-45005 in bullseye. sid is already fixed.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
Backport of unstable's changes to fix the CVE.

As the debdiff was acked by the security team but they wanted me to hand it in for the upcoming point release, I am uploading the package while filing this bug.

Cheers,
Bastian
diff -Nru mujs-1.1.0/debian/changelog mujs-1.1.0/debian/changelog
--- mujs-1.1.0/debian/changelog	2021-02-18 19:47:17.000000000 +0100
+++ mujs-1.1.0/debian/changelog	2022-02-25 21:18:16.000000000 +0100
@@ -1,3 +1,9 @@
+mujs (1.1.0-1+deb11u1) bullseye; urgency=high
+
+  * Clear jump list after patching jump addresses (CVE-2021-45005)
+
+ -- Bastian Germann <bage@debian.org>  Fri, 25 Feb 2022 21:18:16 +0100
+
 mujs (1.1.0-1) unstable; urgency=medium
 
   * Import new upstream version
diff -Nru mujs-1.1.0/debian/patches/Clear-jump-list-after-patching-jump-addresses.patch mujs-1.1.0/debian/patches/Clear-jump-list-after-patching-jump-addresses.patch
--- mujs-1.1.0/debian/patches/Clear-jump-list-after-patching-jump-addresses.patch	1970-01-01 01:00:00.000000000 +0100
+++ mujs-1.1.0/debian/patches/Clear-jump-list-after-patching-jump-addresses.patch	2022-02-25 21:17:24.000000000 +0100
@@ -0,0 +1,88 @@
+Origin: upstream, http://git.ghostscript.com/?p=mujs.git;a=patch;h=df8559e7bdbc6065276e786217eeee70f28fce66
+From: Tor Andersson <tor.andersson@artifex.com>
+Date: Mon, 6 Dec 2021 11:47:31 +0100
+Subject: Bug 704749: Clear jump list after patching jump addresses.
+
+Since we can emit a statement multiple times when compiling try/finally
+we have to use a new patch list for each instance.
+---
+ jscompile.c | 20 ++++++++++++--------
+ 1 file changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/jscompile.c b/jscompile.c
+index dcdee05..a915903 100644
+--- a/jscompile.c
++++ b/jscompile.c
+@@ -794,15 +794,19 @@ static void addjump(JF, enum js_AstType type, js_Ast *target, int inst)
+ 	target->jumps = jump;
+ }
+ 
+-static void labeljumps(JF, js_JumpList *jump, int baddr, int caddr)
++static void labeljumps(JF, js_Ast *stm, int baddr, int caddr)
+ {
++	js_JumpList *jump = stm->jumps;
+ 	while (jump) {
++		js_JumpList *next = jump->next;
+ 		if (jump->type == STM_BREAK)
+ 			labelto(J, F, jump->inst, baddr);
+ 		if (jump->type == STM_CONTINUE)
+ 			labelto(J, F, jump->inst, caddr);
+-		jump = jump->next;
++		js_free(J, jump);
++		jump = next;
+ 	}
++	stm->jumps = NULL;
+ }
+ 
+ static int isloop(enum js_AstType T)
+@@ -1121,7 +1125,7 @@ static void cstm(JF, js_Ast *stm)
+ 		cexp(J, F, stm->b);
+ 		emitline(J, F, stm);
+ 		emitjumpto(J, F, OP_JTRUE, loop);
+-		labeljumps(J, F, stm->jumps, here(J,F), cont);
++		labeljumps(J, F, stm, here(J,F), cont);
+ 		break;
+ 
+ 	case STM_WHILE:
+@@ -1133,7 +1137,7 @@ static void cstm(JF, js_Ast *stm)
+ 		emitline(J, F, stm);
+ 		emitjumpto(J, F, OP_JUMP, loop);
+ 		label(J, F, end);
+-		labeljumps(J, F, stm->jumps, here(J,F), loop);
++		labeljumps(J, F, stm, here(J,F), loop);
+ 		break;
+ 
+ 	case STM_FOR:
+@@ -1164,7 +1168,7 @@ static void cstm(JF, js_Ast *stm)
+ 		emitjumpto(J, F, OP_JUMP, loop);
+ 		if (end)
+ 			label(J, F, end);
+-		labeljumps(J, F, stm->jumps, here(J,F), cont);
++		labeljumps(J, F, stm, here(J,F), cont);
+ 		break;
+ 
+ 	case STM_FOR_IN:
+@@ -1189,12 +1193,12 @@ static void cstm(JF, js_Ast *stm)
+ 			emitjumpto(J, F, OP_JUMP, loop);
+ 		}
+ 		label(J, F, end);
+-		labeljumps(J, F, stm->jumps, here(J,F), loop);
++		labeljumps(J, F, stm, here(J,F), loop);
+ 		break;
+ 
+ 	case STM_SWITCH:
+ 		cswitch(J, F, stm->a, stm->b);
+-		labeljumps(J, F, stm->jumps, here(J,F), 0);
++		labeljumps(J, F, stm, here(J,F), 0);
+ 		break;
+ 
+ 	case STM_LABEL:
+@@ -1204,7 +1208,7 @@ static void cstm(JF, js_Ast *stm)
+ 			stm = stm->b;
+ 		/* loops and switches have already been labelled */
+ 		if (!isloop(stm->type) && stm->type != STM_SWITCH)
+-			labeljumps(J, F, stm->jumps, here(J,F), 0);
++			labeljumps(J, F, stm, here(J,F), 0);
+ 		break;
+ 
+ 	case STM_BREAK:
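Review bot: The rewritten `labeljumps` in the added patch now destroys the statement's jump list (`js_free(J, jump)` per node, then `stm->jumps = NULL`), but no comment records that contract, which is the core of the CVE-2021-45005 fix. A header such as `/* Patch pending break/continue jumps, then free and clear stm->jumps so a statement re-emitted for try/finally starts from an empty list. */` would keep a later edit from dropping the reset. The `stm->jumps = NULL;` line matters on its own: any other code that walks or frees that field after compilation (none is visible in this debdiff, so worth confirming) would otherwise touch freed nodes. The debdiff also carries no regression test for the try/finally re-emission case, and `cstm` is shown only in fragments, so its remaining cases could not be checked here.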
diff -Nru mujs-1.1.0/debian/patches/series mujs-1.1.0/debian/patches/series
--- mujs-1.1.0/debian/patches/series	2021-02-18 19:41:21.000000000 +0100
+++ mujs-1.1.0/debian/patches/series	2022-02-25 21:17:24.000000000 +0100
@@ -1,2 +1,3 @@
 Install-versioned-shared-library.patch
 Set-the-right-.pc-version.patch
+Clear-jump-list-after-patching-jump-addresses.patch

--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 11.3

Hi,

The updates referenced by these bugs were included in stable as part of
this morning's 11.3 point release.

Regards,

Adam

--- End Message ---
