Your message dated Mon, 09 Apr 2018 03:10:01 +0000
with message-id <e1f5nbx-000i3i...@fasolo.debian.org>
and subject line Bug#895225: fixed in zsh 5.5-1
has caused the Debian Bug report #895225,
regarding zsh: CVE-2018-1100: check bounds on buffer in mail checking
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
895225: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895225
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: zsh
Version: 3.1.7-1
Severity: normal
Tags: security fixed-upstream patch
Control: forwarded -1
https://www.zsh.org/cgi-bin/mla/redirect?WORKERNUMBER=42607
Hi,
there happened another security fix at zsh upstream:
https://www.zsh.org/cgi-bin/mla/redirect?WORKERNUMBER=42607
https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/
git.code.sf.net is currently unreachable for me (ping
timeout), but the mirror at GitHub already has it, too:
https://github.com/zsh-users/zsh/commit/31f72205630687c1cef89347863aab355296a27f
That way I could attach the upstream patch to this mail:
commit 31f72205630687c1cef89347863aab355296a27f
Author: Oliver Kiddle <okid...@yahoo.co.uk>
Date: Sat Apr 7 18:28:38 2018 +0200
42607, CVE-2018-1100: check bounds on buffer in mail checking
diff --git a/ChangeLog b/ChangeLog
index 60ec155d7..2cc699b67 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
2018-04-07 Oliver Kiddle <okid...@yahoo.co.uk>
+ * 42607, CVE-2018-1100: Src/utils.c: check bounds on buffer
+ in mail checking
+
* 42600: Src/Zle/computil.c: error paths for _values leaked
the exclusion list array
diff --git a/Src/utils.c b/Src/utils.c
index c544b81bf..180693d67 100644
--- a/Src/utils.c
+++ b/Src/utils.c
@@ -1653,7 +1653,7 @@ checkmailpath(char **s)
LinkList l;
DIR *lock = opendir(unmeta(*s));
char buf[PATH_MAX * 2 + 1], **arr, **ap;
- int ct = 1;
+ int buflen, ct = 1;
if (lock) {
char *fn;
@@ -1662,9 +1662,11 @@ checkmailpath(char **s)
l = newlinklist();
while ((fn = zreaddir(lock, 1)) && !errflag) {
if (u)
- sprintf(buf, "%s/%s?%s", *s, fn, u);
+ buflen = snprintf(buf, sizeof(buf), "%s/%s?%s", *s, fn, u);
else
- sprintf(buf, "%s/%s", *s, fn);
+ buflen = snprintf(buf, sizeof(buf), "%s/%s", *s, fn);
+ if (buflen < 0 || buflen >= (int)sizeof(buf))
+ continue;
addlinknode(l, dupstring(buf));
ct++;
}
This will likely be part of the upcoming 5.5 release, maybe also of an
potential further release candidate. JFTR: It is not fixed in zsh
5.4.2-test-2-1 which I uploaded yesterday to experimental as the
upstream git tag for that release candidate is from Thursday while the
commit mentioned above is from Saturday.
According to "git blame", this code has been touched last time between
the 3.1.6 and 3.17 releases (i.e. in April 2000), so declaring it as
introduced with 3.1.7 for now. The bug itself might affect even older
releases since the commit db663c824a (which last touched these lines)
seems to be primarily change code indentation. But for Debian it does
not really matter how early it has been introduced, so I stop digging
here.
-- Package-specific info:
Packages which depend, recommend, suggest or enhance a zsh package and hence
may provide code meant to be sourced in .zshrc:
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-===================-==============-==============-===========================================
ii abe-commandline 17.5 all Metapackage of
commandline tools Axel usual
ii abe-desktop-common 13.1.1 all Common packages for all
of Axel's desktop s
ii autojump 22.5.0-2 all shell extension to jump
to frequently used
ii fizsh 1.0.9-1 all Friendly Interactive
ZSHell
ii flowscan 1.006-13.2 all flow-based IP traffic
analysis and visualiz
ii powerline 2.6-1 amd64 prompt and statusline
utility
ii shellex 0.2-1 amd64 shell-based launcher
ii tomb 2.5+dfsg1-1 all crypto undertaker
ii zomg 0.8-3 amd64 console-based libre.fm
submission and radio
ii zplug 2.4.2-1 all next-generation plugin
manager for zsh
ii zsh-antigen 2.2.3-1 all manage your zsh plugins
ii zsh-syntax-highligh 0.6.0-1 all Fish shell like syntax
highlighting for zsh
ii zsh-theme-powerleve 0.6.4-1 all powerlevel9k is a theme
for zsh which uses
ii zshdb 0.92-3 all debugger for Z-Shell
scripts
Packages which provide vendor completions:
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-===================-==============-==============-===========================================
ii 0xffff 0.7-2 amd64 Open Free Fiasco Firmware
Flasher
ii autojump 22.5.0-2 all shell extension to jump
to frequently used
ii bugz 0.10.1-3 all command-line interface to
Bugzilla
ii cmus 2.7.1+git20160 amd64 lightweight ncurses audio
player
ii curl 7.58.0-2 amd64 command line tool for
transferring data wit
ii git-annex 6.20180316-1 amd64 manage files with git,
without checking the
ii git-buildpackage 0.9.8 all Suite to help with Debian
packages in Git r
ii git-extras 4.5.0-1 all Extra commands for git
ii git-flow 1.11.0-1 all Git extension to provide
a high-level branc
ii herbstluftwm 0.7.0-2 amd64 manual tiling window
manager for X11
ii keyringer 0.5.0-2 all Distributed secret
management using GnuPG a
ii khal 1:0.9.8-1 all Standards based CLI and
terminal calendar p
ii khard 0.12.2-2 amd64 address book for the
Linux console
ii legit 1.0.1-2 all Git extension to assist
in manipulating bra
ii leiningen 2.8.1-4 all Automation tool and
dependency manager for
ii mpv 0.27.2-1 amd64 video player based on
MPlayer/mplayer2
ii nim 0.18.0-2 amd64 Nim programming language
- compiler
ii pass 1.7.1-3 all lightweight
directory-based password manage
ii pdfgrep 2.0.1-1 amd64 search in pdf files for
strings matching a
ii silversearcher-ag 2.1.0-1 amd64 very fast grep-like
program, alternative to
ii sysdig 0.19.1-1 amd64 system-level exploration
and troubleshootin
ii systemd 238-4 amd64 system and service manager
ii systemd-container 238-4 amd64 systemd container/nspawn
tools
ii taskwarrior 2.5.1+dfsg-6 amd64 feature-rich console
based todo list manage
ii torsocks 2.2.0-2 amd64 use SOCKS-friendly
applications with Tor
ii udev 238-4 amd64 /dev/ and hotplug
management daemon
ii vcsh 1.20151229-1 all Version Control System
for $HOME - multiple
ii vlc-bin 3.0.1-3 amd64 binaries from VLC
ii vnlog 1.6-1 all Toolkit to
read/write/manipulate whitespace
ii xwallpaper 0.3.0-1 amd64 utility for setting image
files as X wallpa
ii youtube-dl 2018.03.14-1 all downloader of videos from
YouTube and other
dpkg-query: no path found matching pattern /usr/share/zsh/vendor-functions/
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'),
(500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1,
'buildd-experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.15.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled
Versions of packages zsh depends on:
ii libc6 2.27-3
ii libcap2 1:2.25-1.2
ii libtinfo5 6.1-1
ii zsh-common 5.4.2-4
Versions of packages zsh recommends:
ii libc6 2.27-3
ii libncursesw5 6.1-1
ii libpcre3 2:8.39-9
Versions of packages zsh suggests:
ii zsh-doc 5.4.2-4
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: zsh
Source-Version: 5.5-1
We believe that the bug you reported is fixed in the latest version of
zsh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 895...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Axel Beckert <a...@debian.org> (supplier of updated zsh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 09 Apr 2018 01:17:56 +0200
Source: zsh
Binary: zsh-common zsh zsh-doc zsh-static zsh-dev
Architecture: source all amd64
Version: 5.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Zsh Maintainers <pkg-zsh-de...@lists.alioth.debian.org>
Changed-By: Axel Beckert <a...@debian.org>
Description:
zsh - shell with lots of features
zsh-common - architecture independent files for Zsh
zsh-dev - shell with lots of features (development files)
zsh-doc - zsh documentation - info/HTML format
zsh-static - shell with lots of features (static link)
Closes: 895153 895225
Changes:
zsh (5.5-1) unstable; urgency=medium
.
[ Axel Beckert ]
* [fe36c1ad] Import new upstream release.
+ [31f72205] CVE-2018-1100: check bounds on buffer in mail
checking. (Closes: #895225)
.
[ Sven Joachim ]
* [1521c7d0] Handle /usr/local/share/zsh with dh_usrlocal.
(Closes: #895153)
Checksums-Sha1:
f2ed83f519aae5537197a46cc8536732b1adc735 2461 zsh_5.5-1.dsc
1f7ae7488530d1e65483d43af8dc887b8a63fbc7 2682068 zsh_5.5.orig.tar.xz
fd7f681691a63b88396c0846b5f304e401972f15 76180 zsh_5.5-1.debian.tar.xz
428a2913c4f6238d6b19ece09953d3b127f2e378 3597636 zsh-common_5.5-1_all.deb
9841df26bae9d927c77097dfe8153aaa8165d3a4 2164840 zsh-dbgsym_5.5-1_amd64.deb
ab9837f30d6a1b86bcbea3003ddf9b51c79d64c0 254044 zsh-dev_5.5-1_amd64.deb
8ba1a49dbd01d425e90f85026ea0fbcdd3d9d2ef 2675160 zsh-doc_5.5-1_all.deb
74ee0cb9ce1a8a71a80b4d415313b9b38eec74fd 1573316
zsh-static-dbgsym_5.5-1_amd64.deb
2aa638d84bc164994a8c6214a3ccdfeefbeb5eee 1102900 zsh-static_5.5-1_amd64.deb
cabcd4e4b1d4ff4c5ff2faba7fa1d4c14f415ea6 9710 zsh_5.5-1_amd64.buildinfo
893394bdfb02da17989672073ee9fcf1b8721326 859164 zsh_5.5-1_amd64.deb
Checksums-Sha256:
b2a279ed6a46a156e9c129e30aab8110607ef584a530f4c0a527ca0ed7e6978f 2461
zsh_5.5-1.dsc
3d25449ad3346a54688a01df385a59204202d1037454832c1851167fc9c0144b 2682068
zsh_5.5.orig.tar.xz
21cba278df1425ac570914c773909feff04f8272ea012a4e3a963d1186578753 76180
zsh_5.5-1.debian.tar.xz
beb312305194f34e3da79c57f9be41bc7a9c33b246b9c29f43dd48ef31dadd0e 3597636
zsh-common_5.5-1_all.deb
9f8246d721aad4f35e41f2ee5ceda0dbd0e1e8d960deaffc4111f5f870d0d74d 2164840
zsh-dbgsym_5.5-1_amd64.deb
9c0ff4e1b9e3b701740bb9298f55fb718a9af8d3f46258d6f857cd28a4a857b6 254044
zsh-dev_5.5-1_amd64.deb
2f3e38d1e73aaec43e8187d9b051155b5ef73afc967d886f33f602feb79a7af5 2675160
zsh-doc_5.5-1_all.deb
de16a46a299f8572600204a99e783ad610639dfc2439d79361239f1a4b3182f6 1573316
zsh-static-dbgsym_5.5-1_amd64.deb
c36784ae21e67ea36b631f80eeadaec199b624eac4b335d42542babb43697f1b 1102900
zsh-static_5.5-1_amd64.deb
d52ab6f4c30c1ebd89023d597be718d93aa946d9753ea31109ecba5dfdf33210 9710
zsh_5.5-1_amd64.buildinfo
1ea51fced5aff9602d1fe85c98b73dc9fd8a61a7954514e78142ba35b86d870e 859164
zsh_5.5-1_amd64.deb
Files:
50e016ebf611150a902e89ca1882b0e6 2461 shells optional zsh_5.5-1.dsc
bd065ae87c5a14f54c2b557bb7dca81b 2682068 shells optional zsh_5.5.orig.tar.xz
a8ad4cee45cd387fd5bf99a58e79db6e 76180 shells optional zsh_5.5-1.debian.tar.xz
ed4381566a1918b082061960791e4ace 3597636 shells optional
zsh-common_5.5-1_all.deb
88a78284c38816183147cb4b75be7050 2164840 debug optional
zsh-dbgsym_5.5-1_amd64.deb
b580a4531f35bca3a3aab87ba97b5174 254044 libdevel optional
zsh-dev_5.5-1_amd64.deb
4d1ed78a762afee45daabec0ec0ae4f5 2675160 doc optional zsh-doc_5.5-1_all.deb
85b2a788fbe79c572e62a3a262529292 1573316 debug optional
zsh-static-dbgsym_5.5-1_amd64.deb
2a40b3118989899efdfe6a2615cb95cf 1102900 shells optional
zsh-static_5.5-1_amd64.deb
bcc3aee95e95634f254994de16c76056 9710 shells optional zsh_5.5-1_amd64.buildinfo
a3a00b2eec57e3ba5dfb50882ebc1311 859164 shells optional zsh_5.5-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEERoyJeTtCmBnp12Ema+Zjx1o1yXUFAlrKppUACgkQa+Zjx1o1
yXXpMw/8Dj+d+psGomgNiEinzrSbxtH64lTfA3QQRkb+58fOP9pzR+CgsiRHrJXU
ARQ9zUxnJw8s+xo5m6L8/jeula+ksvHjszBCNf+JlZsavpjn5bBCI74JTV7KAoQ5
t7LiqCeh3p3ppUe6sMpXS7OtGCzAnD01GDTvouEXhTiSfHGbuHanfsT91hXekctq
qb64xctzzwnEH+RRYGavE+9avebNOJezkTjgWZcaHBq6lrsMv6mkdzhh/5EcCK3d
Tujm5cKoAiP7klTNBvDSwXaHv3CQu6rqaegZGG6Yldp1jTFyVEzRJkzlPEeqHotH
dG8U6dqjtfsJn7KtR+LFjvzs7hKifZpnJh5/8l53fULCh2NxYOuiRfjzkRpbejc9
NKr4QKHdTcZdv6OrV/LkSqlLE7JGA4HSGitlbyatXovOuvvSUNEwATHMCDP7+Zqj
Op3rD03CzY0y6DdlqLW29EuUGjLLEm2KanQ+OnwSfKD/saNHoE0uwlZFllmswCUo
f9P/enOuYn8jq6JxhB4M51bcoTiwKpqTR8yg2aAZTS/rFoDBvYKZrfk2IeE+IkbI
z9fKUiDNF0Vjb35HDF4XodD4uLDIJsaP8eKvLYJxCu8/TlnBtLNqGcirex+nZYIO
RNvv+wR0jk+Cyingqtw/cTQhZht0+GlVdyAAXjRcIhc9vddCjNE=
=nrtd
-----END PGP SIGNATURE-----
--- End Message ---