Your message dated Thu, 27 Apr 2023 12:03:26 +0200
with message-id <ef551412-2972-b8dc-baf0-a75490a45...@debian.org>
and subject line Re: Bug#1034813: unblock: pev/0.81-9
has caused the Debian Bug report #1034813,
regarding unblock: pev/0.81-9
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1034813: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034813
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: p...@packages.debian.org, david.polver...@gmail.com
Control: affects -1 + src:pev

Please unblock package pev

[ Reason ]
As per https://udd.debian.org/cgi-bin/key_packages.yaml.cgi, pev is
considered a key package. The version in testing (0.81-8) suffers from
an important bug (#1034725). As such, it will not be removed if the
fixed version doesn't migrate to testing.

[ Impact ]
If pev/0.81-9 does not migrate to testing, bookworm users will likely
install and use an exploitable version of pev at release. If used to
open a maliciously-crafted PE file, it might result in the compromise of
the user's machine. There is a link for a PoC video of exploitability of
the bug at the closed upstream issue [1].

[1] https://github.com/merces/libpe/issues/35

[ Tests ]
No existing automated or manual tests exercise the affected code.

[ Risks ]
The changes made to the package are trivial. The applied patch
originated from upstream, and its changes are minimal. There is more
risk in not applying the patch than doing it.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

unblock pev/0.81-9
diff -Nru pev-0.81/debian/changelog pev-0.81/debian/changelog
--- pev-0.81/debian/changelog   2022-11-07 17:46:55.000000000 +0000
+++ pev-0.81/debian/changelog   2023-04-22 19:41:47.000000000 +0000
@@ -1,3 +1,17 @@
+pev (0.81-9) unstable; urgency=medium
+
+  [ Debian Janitor ]
+  * Use secure URI in Homepage field.
+  * Update standards version to 4.6.2, no changes needed.
+
+  [ David da Silva Polverari ]
+  * debian/copyright: updated packaging copyright years.
+  * debian/patches/0006-fix-bo-pe_exports.patch: created to fix a buffer
+    overflow vulnerability present on libpe's pe_exports function
+    (CVE-2021-45423). (Closes: #1034725)
+
+ -- David da Silva Polverari <david.polver...@gmail.com>  Sat, 22 Apr 2023 
19:41:47 +0000
+
 pev (0.81-8) unstable; urgency=medium
 
   * debian/control: bumped Standards-Version to 4.6.1.
diff -Nru pev-0.81/debian/control pev-0.81/debian/control
--- pev-0.81/debian/control     2022-11-07 17:46:55.000000000 +0000
+++ pev-0.81/debian/control     2023-04-22 19:41:47.000000000 +0000
@@ -1,9 +1,9 @@
 Source: pev
 Maintainer: David da Silva Polverari <david.polver...@gmail.com>
-Homepage: http://pev.sourceforge.net
+Homepage: https://pev.sourceforge.net
 Section: utils
 Priority: optional
-Standards-Version: 4.6.1
+Standards-Version: 4.6.2
 Build-Depends: debhelper-compat (= 13), libssl-dev
 Rules-Requires-Root: no
 Vcs-Browser: https://salsa.debian.org/debian/pev
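Review bot: the `Homepage:` scheme change and the `Standards-Version: 4.6.2` bump in this hunk are unrelated to the CVE-2021-45423 fix that motivates the unblock; they are metadata-only and carry no runtime risk, but a freeze upload is easiest to review when it contains only the targeted fix, so consider deferring such Janitor changes to the next non-freeze upload. The changelog hunk already attributes them to the Debian Janitor, which at least keeps the provenance clear.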
diff -Nru pev-0.81/debian/copyright pev-0.81/debian/copyright
--- pev-0.81/debian/copyright   2022-11-07 17:46:55.000000000 +0000
+++ pev-0.81/debian/copyright   2023-04-22 19:41:47.000000000 +0000
@@ -59,7 +59,7 @@
            2016-2021 Petter Reinholdtsen <p...@debian.org>
            2017      Adam Borowski <kilob...@angband.pl>
            2020      Adrian Bunk <b...@debian.org>
-           2021-2022 David da Silva Polverari <david.polver...@gmail.com>
+           2021-2023 David da Silva Polverari <david.polver...@gmail.com>
            2021      Jelmer Vernooij <jel...@debian.org>
 License: BSD-3-Clause
 
diff -Nru pev-0.81/debian/patches/0006-fix-bo-pe_exports.patch 
pev-0.81/debian/patches/0006-fix-bo-pe_exports.patch
--- pev-0.81/debian/patches/0006-fix-bo-pe_exports.patch        1970-01-01 
00:00:00.000000000 +0000
+++ pev-0.81/debian/patches/0006-fix-bo-pe_exports.patch        2023-04-22 
19:41:47.000000000 +0000
@@ -0,0 +1,28 @@
+Description: fix a buffer overflow vulnerability (CVE-2021-45423)
+ A Buffer Overflow vulnerability exists in Pev 0.81 via the pe_exports function
+ from exports.c. The array offsets_to_Names is dynamically allocated on the
+ stack using exp->NumberOfFunctions as its size. However, the loop uses
+ exp->NumberOfNames to iterate over it and set its components value. Therefore,
+ the loop code assumes that exp->NumberOfFunctions is greater than ordinal at
+ each iteration. This can lead to arbitrary code execution.
+Author: Saullo Carvalho Castelo Branco <saullocarva...@gmail.com>
+Origin: upstream, 
https://github.com/merces/libpe/commit/5f44724e8fcdebf8a6b9fd009543c9dcfae4ea32
+Bug: https://github.com/merces/libpe/issues/35
+Bug-Debian: https://bugs.debian.org/1034725
+Applied-Upstream: 
https://github.com/merces/libpe/commit/5f44724e8fcdebf8a6b9fd009543c9dcfae4ea32
+Last-Update: 2023-04-22
+
+--- pev-0.81.orig/lib/libpe/exports.c
++++ pev-0.81/lib/libpe/exports.c
+@@ -130,7 +130,10 @@ pe_exports_t *pe_exports(pe_ctx_t *ctx)
+ 
+               const uint32_t entry_name_rva = *entry_name_list;
+               const uint64_t entry_name_ofs = pe_rva2ofs(ctx, entry_name_rva);
+-              offsets_to_Names[ordinal] = entry_name_ofs;
++
++        if (ordinal < exp->NumberOfFunctions) {
++            offsets_to_Names[ordinal] = entry_name_ofs;
++        }
+       }
+ 
+       //
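Review bot: the guard `if (ordinal < exp->NumberOfFunctions)` stops the out-of-bounds write, but an entry whose ordinal falls outside the array is now dropped silently, so a malformed export table yields an incomplete name list with no signal to the caller; consider emitting a warning or marking the export directory as malformed in the returned structure so tools built on libpe can surface it. Two smaller points: the indentation of the three added lines does not match the surrounding lines of exports.c, and the DEP-3 description states that offsets_to_Names is allocated on the stack with exp->NumberOfFunctions as its size, which this hunk leaves as is; it is worth confirming that that value is bounded before the allocation, since it is read from the file being parsed.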
diff -Nru pev-0.81/debian/patches/series pev-0.81/debian/patches/series
--- pev-0.81/debian/patches/series      2022-11-07 17:46:55.000000000 +0000
+++ pev-0.81/debian/patches/series      2023-04-22 19:41:47.000000000 +0000
@@ -3,3 +3,4 @@
 0003-makefile-reproducible.patch
 0004-avoid-fixed-path.patch
 0005-fix-ftbs-hurd-kfreebsd.patch
+0006-fix-bo-pe_exports.patch

--- End Message ---
--- Begin Message ---
Hi David,

On 25-04-2023 03:14, David da Silva Polverari wrote:
> unblock pev/0.81-9

done.

Paul


--- End Message ---