Your message dated Sun, 08 Feb 2015 18:33:28 +0000
with message-id <[email protected]>
and subject line Bug#773659: fixed in cabextract 1.5-1
has caused the Debian Bug report #773659,
regarding cabextract: null pointer dereference on a crafted CAB
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
773659: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773659
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: cabextract
Version: 1.4-4+b1
Usertags: afl
cabextract crashes (trying to dereference null pointed) on the attached
crafted CAB file:
$ gpg -d nullderef.cab.asc > nullderef.cab
$ cabextract -t nullderef.cab
nullderef.cab: WARNING; possible 1626 extra bytes at end of file.
Testing cabinet: nullderef.cab
failed (error in CAB data format)
failed (Success)
E failed (error in CAB data format)
Segmentation fault
Backtrace:
#0 0x00000000 in ?? ()
#1 0x0804e094 in cabd_extract (base=0x805b008, file=0x8063600, filename=0x8056643
"test") at mspack/cabd.c:1068
#2 0x080493b4 in process_cabinet (basename=0xffffd9b8 "nullderef.cab") at
src/cabextract.c:467
#3 0x08048fc4 in main (argc=3, argv=0xffffd804) at src/cabextract.c:350
This bug was found using American fuzzy lop:
https://packages.debian.org/experimental/afl
-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages cabextract depends on:
ii libc6 2.19-13
--
Jakub Wilk
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1
owFby+6ZxJtXmpOTklqUmqaXnJgUMp1J0TfY2Y0BCO4wQIAOlGZmZGRghLJdgRjE
288AAz2uGDoaGLDqcFu0z4J9W9J85enNT+8X55W7G68/MPWihaPE0yn6Rpx2W1Ns
XioUvg+YMjHpmdTftQL/Cl31028tmPck9w23R/m9C4cduK8s+/BMrueUe1dJzLSy
0DVvXoaUcWuUSqWH9ep/mLpJMq1qxq68Lo1t23NSL6VVPuTUmXrRE8X0KRNZGKT+
rkMYnceCMPoNxOgyFKO7cAeKIAMzLAy8RXsN+Q4Z/GSu3p/katVcwb4Q6Ffswfj3
P0YwMoLV3weHzf8GcNjkuKNYy4tiLa64wBd7fwUwdECdCYmS+ZAoSVEBRQki0GLA
gQaKD8xAw+qkR6hOEmDoCc/PUWDIycxNLcpMzmYw27hRr59hG4OzNwsorJybKxb5
UhUYUdMwUOAkZ2+FOHo/0NHAeOY4ZCDAUr0X6PaTqGAbnIUtZN2FUUMWKbHXQwJX
AiNFfsBIkQ6lSfPzqAdO4gBbUXhncCkjH2yHMeAJiPp2EA12oPBAiZaGls0lS9cB
NP42rKpQASwRR2JP2zoQyg+7bA8FAFYeFKAXUUrg6gKjPGCAZS0+cNaCFgvg7DMR
ln2SbdCzzwGf+DuCoHxjjpRvMMvD/+fxFO7o9UYCtN6w6MqKuQyyQJ6wCgA=
=8ie6
-----END PGP MESSAGE-----
--- End Message ---
--- Begin Message ---
Source: cabextract
Source-Version: 1.5-1
We believe that the bug you reported is fixed in the latest version of
cabextract, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Eric Sharkey <[email protected]> (supplier of updated cabextract package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 08 Feb 2015 12:53:42 -0500
Source: cabextract
Binary: cabextract
Architecture: source i386
Version: 1.5-1
Distribution: unstable
Urgency: low
Maintainer: Eric Sharkey <[email protected]>
Changed-By: Eric Sharkey <[email protected]>
Description:
cabextract - Microsoft Cabinet file unpacker
Closes: 773659
Changes:
cabextract (1.5-1) unstable; urgency=low
.
* New upstream release
* Includes fix for null dereference: Closes: #773659
Checksums-Sha1:
d91301c71031ed1bf10121f4a15807df1e4a3850 1703 cabextract_1.5-1.dsc
7ddb31072590a807bef09234f46f940e1ba51067 241010 cabextract_1.5.orig.tar.gz
9e4545dd158cdf280f3e57519b4e0ae4c90dad7a 6480 cabextract_1.5-1.debian.tar.xz
68dda1f9941dd2bb7847f05e2d535c2d78a69d7c 29608 cabextract_1.5-1_i386.deb
Checksums-Sha256:
5023dafd4a2672d1b788effca30cf4f5761fd37a05f72755f1ddfdb87232ba6c 1703
cabextract_1.5-1.dsc
23d6ae3f65cd90b036958fa95fc4d9983f80fded4bd8e2ad2736ba8c4095268a 241010
cabextract_1.5.orig.tar.gz
309c98846e58d3fc340bf5cb3bd68cc95142f4c301765fed40a06adc97b18d4c 6480
cabextract_1.5-1.debian.tar.xz
abdf69b5c026c203e612bc4bd773bccc4bb885f72e558d858336f8ee6e3d0589 29608
cabextract_1.5-1_i386.deb
Files:
6aa458250dc3007e6d1e418aa717ee42 29608 utils optional cabextract_1.5-1_i386.deb
491032236dae850861cf97ec5085de67 1703 utils optional cabextract_1.5-1.dsc
4e22fc3b36eb028acf2115b44f85930d 241010 utils optional
cabextract_1.5.orig.tar.gz
7335d3326bedef957ab8fd2f8d99d7d7 6480 utils optional
cabextract_1.5-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCAAGBQJU16XWAAoJEEXizaWn/ZD5n14QAMvIGy/ssOBY/2t0i4gBRHq3
QGGQ0wAiBagjldYL49AXwPgEsSi/TrFwO8DHhIWcTrRw9ylrEBnn8LR8e6Av0hWR
NWP+eLNEaw3dJewb2J/KT3rQRY1JjrEeTDqWEK6VjFtV3UVo4+rcvcczng5FSJa0
jlOYLpM14EEPX7ZRbBOjNJBvhzoxkgx9Z86xN8Zs/4OoYfGMk3U4TkNtr1OIaL0a
0j+MkLEZD/FmXWquVIUwVY0Wk82cd6af0FqPC41dKmI0vVWi3dKg1nDc5AyN0U20
oof2Cu4M26L62hEKoQFTPlDnJqtLhf5qdOxAxM/OCKUqEG0dt3Yk6SLpUl7tHSEY
VAC5koqDI+u8gWLEA7rVP4gRPn0IMaNcJ++TPKp4b/rRGNFufbzuelld7+hY7mvs
tyZoa2hxKVP0FTzlyHtT+LUJzsYKawkYAUt0Gd0jPsPROMZHNAFI9pZECwi1+mB0
BwwaJV4Q3sjEDmC/UegiYoljQLw+QPjDvTOKn86eOjPgTPLIXWPumS/yqo4EnKSe
RYhRLFdKDbcgCmbwYBr2WfsSdAaNbudyDS7z/yfzmorSb+sqBrY+U9k+yY0TQOac
NI9gi0+eqFF71OyYgGnAE+PHBEEe2VhYs6JjsMkqc5ETc+ylso/CIyuw70mGjAOd
QXDYBC9OUmBgRAFBwWtS
=9Iz3
-----END PGP SIGNATURE-----
--- End Message ---
