Your message dated Tue, 03 Mar 2015 18:48:56 +0000
with message-id <[email protected]>
and subject line Bug#775003: fixed in unace 1.2b-7+deb6u1
has caused the Debian Bug report #775003,
regarding unace: CVE-2015-2063: buffer overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
775003: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775003
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: unace
Version: 1.2b-11
Usertags: afl
unace crashes when trying to test integrity of the attached file:
$ unace t crash
UNACE v1.2 public version
Segmentation fault
gdb says it's an integer overflow, followed by buffer overflow:
(gdb) bt
#0 __memcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:116
#1 0x0000000000401558 in read_header (print_err=0) at unace.c:171
#2 0x00000000004017b7 in read_arc_head () at unace.c:222
#3 0x0000000000401943 in open_archive (print_err=1) at unace.c:254
#4 0x000000000040258f in main (argc=3, argv=0x7fffffffe6d8) at unace.c:604
(gdb) up
#1 0x0000000000401558 in read_header (print_err=0) at unace.c:171
171 memcpy(mhead.AV, tp, rd-(USHORT)(tp-readbuf));
(gdb) print rd-(USHORT)(tp-readbuf)
$1 = -27
This bug was found using American fuzzy lop:
https://packages.debian.org/experimental/afl
-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages unace depends on:
ii libc6 2.19-13
--
Jakub Wilk
crash.ACE
Description: Binary data
--- End Message ---
--- Begin Message ---
Source: unace
Source-Version: 1.2b-7+deb6u1
We believe that the bug you reported is fixed in the latest version of
unace, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thorsten Alteholz <[email protected]> (supplier of updated unace package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 03 Mar 2015 19:03:02 +0100
Source: unace
Binary: unace
Architecture: source i386
Version: 1.2b-7+deb6u1
Distribution: squeeze-lts
Urgency: high
Maintainer: Guillem Jover <[email protected]>
Changed-By: Thorsten Alteholz <[email protected]>
Description:
unace - extract, test and view .ace archives
Closes: 775003
Changes:
unace (1.2b-7+deb6u1) squeeze-lts; urgency=high
.
* Non-maintainer upload by the Squeeze LTS Team.
* Add 006_security-afl.patch patch.
CVE-2015-2063: Buffer overflow when reading bogus file headers
The header parser was not checking if it had read the needed data when
parsing the header from memory. (Closes: #775003)
* Add 005_format-security.patch
Fix format-security build failures.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---
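
Added example, not part of the bug report and not the 006_security-afl.patch fix (which is not shown on this page): the length expression from the gdb session next to a checked copy that refuses a header claiming more data than was read. The names readbuf, tp and rd follow the gdb line; AV_MAX, the function names and the sample values (10 bytes read, parser at offset 37, chosen to reproduce the -27 above) are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AV_MAX 64 /* assumed destination size; not taken from unace */

/* Length expression shaped like unace.c:171: bytes read minus bytes the
 * parser has consumed. In int arithmetic it goes negative on a short read. */
static int remaining_unchecked(int rd, const uint8_t *readbuf, const uint8_t *tp)
{
    return rd - (uint16_t)(tp - readbuf);
}

/* memcpy() takes size_t, so the negative int becomes a huge count. */
static size_t as_memcpy_len(int n)
{
    return (size_t)n;
}

/* Checked copy: returns bytes copied, or -1 when the header claims more
 * data than was read or more than the destination can hold. */
static int copy_trailer_checked(uint8_t *dst, size_t dst_size,
                                const uint8_t *readbuf, size_t rd,
                                const uint8_t *tp)
{
    size_t consumed = (size_t)(tp - readbuf);
    if (consumed > rd)
        return -1;
    size_t n = rd - consumed;
    if (n > dst_size)
        return -1;
    memcpy(dst, tp, n);
    return (int)n;
}

int main(void)
{
    uint8_t readbuf[64] = {0}, av[AV_MAX];  /* constructed input */
    const uint8_t *tp = readbuf + 37;       /* parser position after fixed fields */
    int n = remaining_unchecked(10, readbuf, tp);   /* only 10 bytes were read */
    printf("unchecked: %d -> memcpy length %zu\n", n, as_memcpy_len(n));
    printf("checked:   %d\n", copy_trailer_checked(av, sizeof av, readbuf, 10, tp));
    return 0;
}
```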