Your message dated Sat, 26 Mar 2022 12:02:22 +0000
with message-id <540de30a27d37c3ff416b94b1adf7ff2a2cab257.camel@adam-barratt.org.uk>
and subject line Closing requests for updates in 10.12
has caused the Debian Bug report #1005233,
regarding buster-pu: package xterm/344-1+deb10u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

-- 
1005233: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005233
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: buster-pu: package xterm/344-1+deb10u2
- From: Sven Joachim <svenjoac@gmx.de>
- Date: Wed, 09 Feb 2022 18:09:59 +0100
- Message-id: <87y22k3r14.fsf@turtle.gmx.de>
Package: release.debian.org Severity: normal Tags: buster User: release.debian.org@packages.debian.org Usertags: pu I have uploaded xterm 344-1+deb10u2 to fix #1004689 aka CVE-2022-24130 in buster. This is the same problem and the same fix as the one for bullseye, see #1005232 for details. The patch is six lines longer because two minor changes from xterm 357 had to be applied first. Cheers, Svendiff -Nru xterm-344/debian/changelog xterm-344/debian/changelog --- xterm-344/debian/changelog 2021-03-07 17:53:16.000000000 +0100 +++ xterm-344/debian/changelog 2022-02-07 20:05:11.000000000 +0100 @@ -1,3 +1,12 @@ +xterm (344-1+deb10u2) buster; urgency=medium + + * Cherry-pick sixel graphics fixes from xterm 370d and 370f. + - Check for out-of-bounds condition while drawing sixels, and quit + that operation (report by Nick Black (CVE-2022-24130), + Closes: #1004689). + + -- Sven Joachim <svenjoac@gmx.de> Mon, 07 Feb 2022 20:05:11 +0100 + xterm (344-1+deb10u1) buster; urgency=medium * Apply upstream fix from xterm 366 for CVE-2021-27135. diff -Nru xterm-344/debian/patches/CVE-2022-24130.diff xterm-344/debian/patches/CVE-2022-24130.diff --- xterm-344/debian/patches/CVE-2022-24130.diff 1970-01-01 01:00:00.000000000 +0100 +++ xterm-344/debian/patches/CVE-2022-24130.diff 2022-02-02 18:26:45.000000000 +0100 
@@ -0,0 +1,79 @@ +Description: Cherry-pick sixel graphics fixes from xterm 370d and 370f + Check for out-of-bounds condition while drawing sixels, and quit that + operation (report by Nick Black, CVE-2022-24130). +Bug-Debian: https://bugs.debian.org/1004689 + +--- + graphics_sixel.c | 31 +++++++++++++++++++++++++------ + 1 file changed, 25 insertions(+), 6 deletions(-) + +--- a/graphics_sixel.c ++++ b/graphics_sixel.c +@@ -141,7 +141,7 @@ init_sixel_background(Graphic *graphic, + graphic->color_registers_used[context->background] = 1; + } + +-static void ++static Boolean + set_sixel(Graphic *graphic, SixelContext const *context, int sixel) + { + const int mh = graphic->max_height; +@@ -162,7 +162,10 @@ set_sixel(Graphic *graphic, SixelContext + ((color != COLOR_HOLE) + ? (unsigned) graphic->color_registers[color].b : 0U))); + for (pix = 0; pix < 6; pix++) { +- if (context->col < mw && context->row + pix < mh) { ++ if (context->col >= 0 && ++ context->col < mw && ++ context->row + pix >= 0 && ++ context->row + pix < mh) { + if (sixel & (1 << pix)) { + if (context->col + 1 > graphic->actual_width) { + graphic->actual_width = context->col + 1; +@@ -175,8 +178,10 @@ set_sixel(Graphic *graphic, SixelContext + } + } else { + TRACE(("sixel pixel %d out of bounds\n", pix)); ++ return False; + } + } ++ return True; + } + + static void +@@ -451,7 +456,12 @@ parse_sixel(XtermWidget xw, ANSI *params + init_sixel_background(graphic, &context); + graphic->valid = 1; + } +- set_sixel(graphic, &context, sixel); ++ if (sixel) { ++ if (!set_sixel(graphic, &context, sixel)) { ++ context.col = 0; ++ break; ++ } ++ } + context.col++; + } else if (ch == '$') { /* DECGCR */ + /* ignore DECCRNLM in sixel mode */ +@@ -528,9 +538,18 @@ parse_sixel(XtermWidget xw, ANSI *params + init_sixel_background(graphic, &context); + graphic->valid = 1; + } +- for (i = 0; i < Pcount; i++) { +- set_sixel(graphic, &context, sixel); +- context.col++; ++ if (sixel) { ++ int i; ++ for (i = 0; i < Pcount; 
i++) { ++ if (set_sixel(graphic, &context, sixel)) { ++ context.col++; ++ } else { ++ context.col = 0; ++ break; ++ } ++ } ++ } else { ++ context.col += Pcount; + } + } else if (ch == '#') { /* DECGCI */ + ANSI color_params; diff -Nru xterm-344/debian/patches/series xterm-344/debian/patches/series --- xterm-344/debian/patches/series 2021-03-05 22:10:42.000000000 +0100 +++ xterm-344/debian/patches/series 2022-02-02 17:42:37.000000000 +0100 @@ -2,3 +2,4 @@ 902_windowops.diff 904_fontops.diff CVE-2021-27135.diff +CVE-2022-24130.diffAttachment: signature.asc
Description: PGP signature
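Review bot: in the set_sixel hunk the new `return False` sits outside the `if (sixel & (1 << pix))` test, so the first out-of-range pixel position aborts the whole sixel even when that bit is clear, and what used to be a silent per-pixel skip (the `TRACE` branch) becomes a hard stop that, through the callers' `break`, leaves the parsing loop for the rest of the sixel data. If that abort-on-overflow behaviour is the intent, a short comment at the `return False` saying so would stop the next reader from treating it as an over-eager clip; if clipping was meant, move the check so that only set bits out of range fail, or test the six rows up front and return False only when none of them is drawable.

Review bot: at the first call site in parse_sixel, `context.col = 0; break;` resets `col` immediately before leaving the loop, with nothing explaining why the reset matters once parsing is being abandoned; the identical pair appears again in the DECGRI branch. A one-line comment at the first occurrence documenting the recovery strategy (the graphic drawn so far is kept, the remainder of the sixel string is discarded) would make the intent clear at both sites.

Review bot: in the DECGRI hunk the block-local `int i;` shadows the `i` that the removed `for (i = 0; i < Pcount; i++)` loop used from an outer scope, which presumably is still declared; drop the local declaration, or remove the outer one if it is now unused, so `-Wshadow` and unused-variable warnings stay clean. The new `else { context.col += Pcount; }` path also advances `col` by the repeat count with no range check in this hunk; given that set_sixel now has to guard against a negative `col` with `context->col >= 0`, clamping `col` (or rejecting an oversized `Pcount`) here would be clearer than relying on the later negative check to catch a wrapped value.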
--- End Message ---
--- Begin Message ---
- To: 959469-done@bugs.debian.org, 985063-done@bugs.debian.org, 987376-done@bugs.debian.org, 992546-done@bugs.debian.org, 992613-done@bugs.debian.org, 995748-done@bugs.debian.org, 996023-done@bugs.debian.org, 996024-done@bugs.debian.org, 996600-done@bugs.debian.org, 996624-done@bugs.debian.org, 996695-done@bugs.debian.org, 996929-done@bugs.debian.org, 996997-done@bugs.debian.org, 997079-done@bugs.debian.org, 998042-done@bugs.debian.org, 998248-done@bugs.debian.org, 998344-done@bugs.debian.org, 1000218-done@bugs.debian.org, 1000341-done@bugs.debian.org, 1000386-done@bugs.debian.org, 1000408-done@bugs.debian.org, 1000473-done@bugs.debian.org, 1000479-done@bugs.debian.org, 1000480-done@bugs.debian.org, 1000486-done@bugs.debian.org, 1000608-done@bugs.debian.org, 1001043-done@bugs.debian.org, 1001149-done@bugs.debian.org, 1001280-done@bugs.debian.org, 1001454-done@bugs.debian.org, 1001556-done@bugs.debian.org, 1001749-done@bugs.debian.org, 1001752-done@bugs.debian.org, 1002297-done@bugs.debian.org, 1002298-done@bugs.debian.org, 1002740-done@bugs.debian.org, 1002912-done@bugs.debian.org, 1003795-done@bugs.debian.org, 1003825-done@bugs.debian.org, 1003826-done@bugs.debian.org, 1003827-done@bugs.debian.org, 1003841-done@bugs.debian.org, 1003842-done@bugs.debian.org, 1004049-done@bugs.debian.org, 1004055-done@bugs.debian.org, 1004056-done@bugs.debian.org, 1004249-done@bugs.debian.org, 1004261-done@bugs.debian.org, 1004265-done@bugs.debian.org, 1004267-done@bugs.debian.org, 1004268-done@bugs.debian.org, 1005000-done@bugs.debian.org, 1005218-done@bugs.debian.org, 1005233-done@bugs.debian.org, 1005353-done@bugs.debian.org, 1005374-done@bugs.debian.org, 1006377-done@bugs.debian.org, 1006417-done@bugs.debian.org, 1006494-done@bugs.debian.org, 1006525-done@bugs.debian.org, 1007745-done@bugs.debian.org, 1007746-done@bugs.debian.org, 1007879-done@bugs.debian.org, 1007938-done@bugs.debian.org, 1007948-done@bugs.debian.org, 1007964-done@bugs.debian.org, 1008030-done@bugs.debian.org, 
1008072-done@bugs.debian.org, 1006142-done@bugs.debian.org
- Subject: Closing requests for updates in 10.12
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sat, 26 Mar 2022 12:02:22 +0000
- Message-id: <540de30a27d37c3ff416b94b1adf7ff2a2cab257.camel@adam-barratt.org.uk>
Package: release.debian.org
Version: 10.12

Hi,

The updates referenced in these requests were included in oldstable as
part of today's 10.12 point release.

Regards,

Adam
--- End Message ---