Your message dated Sat, 29 Jun 2024 10:46:18 +0000
with message-id <e1snvb0-002bd7...@coccia.debian.org>
and subject line Released with 12.6
has caused the Debian Bug report #1068451,
regarding bookworm-pu: package libtommath/1.2.0-6+deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1068451: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068451
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: libtomm...@packages.debian.org
Control: affects -1 + src:libtommath

Addresses CVE-2023-36328, debdiff below. Acked by Dominique before.

Cheers,
        Moritz

diff -Nru libtommath-1.2.0/debian/changelog libtommath-1.2.0/debian/changelog
--- libtommath-1.2.0/debian/changelog   2021-02-07 11:58:15.000000000 +0100
+++ libtommath-1.2.0/debian/changelog   2024-04-04 22:20:38.000000000 +0200
@@ -1,3 +1,9 @@
+libtommath (1.2.0-6+deb12u1) bookworm; urgency=medium
+
+  * CVE-2023-36328 (Closes: #1051100)
+
+ -- Moritz Mühlenhoff <j...@debian.org>  Thu, 04 Apr 2024 22:20:38 +0200
+
 libtommath (1.2.0-6) unstable; urgency=medium
 
   [ Helmut Grohne ]
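Review bot: the changelog entry "* CVE-2023-36328 (Closes: #1051100)" names only the CVE id and says nothing about what changed; for a bookworm-pu entry please state the fix in one line, e.g. "* CVE-2023-36328: reject negative size and shift-count arguments in mp_grow, mp_init_size, mp_2expt, mp_mul_2d and the s_mp_mul_*digs helpers to avoid integer overflow (Closes: #1051100)", so that apt-listchanges readers and the release team can see the scope without opening the patch.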
diff -Nru libtommath-1.2.0/debian/patches/CVE-2023-36328.patch 
libtommath-1.2.0/debian/patches/CVE-2023-36328.patch
--- libtommath-1.2.0/debian/patches/CVE-2023-36328.patch        1970-01-01 
01:00:00.000000000 +0100
+++ libtommath-1.2.0/debian/patches/CVE-2023-36328.patch        2024-04-04 
22:20:38.000000000 +0200
@@ -0,0 +1,121 @@
+From beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 Mon Sep 17 00:00:00 2001
+From: czurnieden <czurnie...@gmx.de>
+Date: Tue, 9 May 2023 17:17:12 +0200
+Subject: [PATCH] Fix possible integer overflow
+
+---
+ bn_mp_2expt.c                | 4 ++++
+ bn_mp_grow.c                 | 4 ++++
+ bn_mp_init_size.c            | 5 +++++
+ bn_mp_mul_2d.c               | 4 ++++
+ bn_s_mp_mul_digs.c           | 4 ++++
+ bn_s_mp_mul_digs_fast.c      | 4 ++++
+ bn_s_mp_mul_high_digs.c      | 4 ++++
+ bn_s_mp_mul_high_digs_fast.c | 4 ++++
+ 8 files changed, 33 insertions(+)
+
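Review bot: the quilt patch header keeps only the upstream git From/Date/Subject lines for commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 and an empty body before the "---" diffstat; adding DEP-3 "Origin: upstream" and "Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051100" headers, plus a one-line description of which parameters are now rejected with MP_VAL, would make the provenance and the behaviour change checkable without reading all eight hunks.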
+--- libtommath-1.2.0.orig/bn_mp_2expt.c
++++ libtommath-1.2.0/bn_mp_2expt.c
+@@ -12,6 +12,10 @@ mp_err mp_2expt(mp_int *a, int b)
+ {
+    mp_err    err;
+ 
++   if (b < 0) {
++      return MP_VAL;
++   }
++
+    /* zero a as per default */
+    mp_zero(a);
+ 
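Review bot: the "b < 0" guard in mp_2expt returns before "mp_zero(a)", so on MP_VAL the destination keeps whatever it held; that is the right order (no partial writes on the error path) but it differs from the rest of the function, where "a" is always reset first, so callers must check the return value rather than assume "a" is zero after the call.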
+--- libtommath-1.2.0.orig/bn_mp_grow.c
++++ libtommath-1.2.0/bn_mp_grow.c
+@@ -9,6 +9,10 @@ mp_err mp_grow(mp_int *a, int size)
+    int     i;
+    mp_digit *tmp;
+ 
++   if (size < 0) {
++      return MP_VAL;
++   }
++
+    /* if the alloc size is smaller alloc more ram */
+    if (a->alloc < size) {
+       /* reallocate the array a->dp
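Review bot: before this hunk a negative "size" in mp_grow made the "a->alloc < size" test false and the function returned success without touching the allocation, so the new "size < 0" check turns a silent no-op into an explicit MP_VAL; that is the intended hardening, but it is a visible behaviour change for any caller that passed a negative size, and the patch description should mention it.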
+--- libtommath-1.2.0.orig/bn_mp_init_size.c
++++ libtommath-1.2.0/bn_mp_init_size.c
+@@ -6,6 +6,11 @@
+ /* init an mp_init for a given size */
+ mp_err mp_init_size(mp_int *a, int size)
+ {
++
++   if (size < 0) {
++      return MP_VAL;
++   }
++
+    size = MP_MAX(MP_MIN_PREC, size);
+ 
+    /* alloc mem */
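Review bot: the first "+" line of this hunk adds a stray blank line directly after the opening "{" of mp_init_size, which none of the other seven files have; drop it for consistency. Also note the semantic change here: "size = MP_MAX(MP_MIN_PREC, size);" previously clamped a negative size up to MP_MIN_PREC and initialised "a" anyway, whereas now the function returns MP_VAL with "a" left uninitialised, so callers must not use "a" unless MP_OKAY was returned.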
+--- libtommath-1.2.0.orig/bn_mp_mul_2d.c
++++ libtommath-1.2.0/bn_mp_mul_2d.c
+@@ -9,6 +9,10 @@ mp_err mp_mul_2d(const mp_int *a, int b,
+    mp_digit d;
+    mp_err   err;
+ 
++   if (b < 0) {
++      return MP_VAL;
++   }
++
+    /* copy */
+    if (a != c) {
+       if ((err = mp_copy(a, c)) != MP_OKAY) {
+--- libtommath-1.2.0.orig/bn_s_mp_mul_digs.c
++++ libtommath-1.2.0/bn_s_mp_mul_digs.c
+@@ -16,6 +16,10 @@ mp_err s_mp_mul_digs(const mp_int *a, co
+    mp_word r;
+    mp_digit tmpx, *tmpt, *tmpy;
+ 
++   if (digs < 0) {
++      return MP_VAL;
++   }
++
+    /* can we use the fast multiplier? */
+    if ((digs < MP_WARRAY) &&
+        (MP_MIN(a->used, b->used) < MP_MAXFAST)) {
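Review bot: the "digs < 0" check here is what protects the "digs < MP_WARRAY" test in the context lines, which a negative digs would satisfy trivially and route into the fast multiplier with a negative digit count; the second operand of that test, "MP_MIN(a->used, b->used) < MP_MAXFAST", is unaffected by the change.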
+--- libtommath-1.2.0.orig/bn_s_mp_mul_digs_fast.c
++++ libtommath-1.2.0/bn_s_mp_mul_digs_fast.c
+@@ -26,6 +26,10 @@ mp_err s_mp_mul_digs_fast(const mp_int *
+    mp_digit W[MP_WARRAY];
+    mp_word  _W;
+ 
++   if (digs < 0) {
++      return MP_VAL;
++   }
++
+    /* grow the destination as required */
+    if (c->alloc < digs) {
+       if ((err = mp_grow(c, digs)) != MP_OKAY) {
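Review bot: this local check is not made redundant by the one added to mp_grow: for a negative digs the gate "if (c->alloc < digs)" is false, so "mp_grow(c, digs)" is never called and the function would continue into the digit loop with a negative count; the check has to live here, as the hunk does it.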
+--- libtommath-1.2.0.orig/bn_s_mp_mul_high_digs.c
++++ libtommath-1.2.0/bn_s_mp_mul_high_digs.c
+@@ -15,6 +15,10 @@ mp_err s_mp_mul_high_digs(const mp_int *
+    mp_word  r;
+    mp_digit tmpx, *tmpt, *tmpy;
+ 
++   if (digs < 0) {
++      return MP_VAL;
++   }
++
+    /* can we use the fast multiplier? */
+    if (MP_HAS(S_MP_MUL_HIGH_DIGS_FAST)
+        && ((a->used + b->used + 1) < MP_WARRAY)
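Review bot: the new check covers only "digs"; the context line "(a->used + b->used + 1) < MP_WARRAY" still performs an unguarded int addition on the two digit counts. If leaving that sum unchecked is intentional because "used" is bounded by the allocation limits elsewhere in the library, the patch description should say so, since the patch title promises a fix for "possible integer overflow" in general.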
+--- libtommath-1.2.0.orig/bn_s_mp_mul_high_digs_fast.c
++++ libtommath-1.2.0/bn_s_mp_mul_high_digs_fast.c
+@@ -19,6 +19,10 @@ mp_err s_mp_mul_high_digs_fast(const mp_
+    mp_digit W[MP_WARRAY];
+    mp_word  _W;
+ 
++   if (digs < 0) {
++      return MP_VAL;
++   }
++
+    /* grow the destination as required */
+    pa = a->used + b->used;
+    if (c->alloc < pa) {
diff -Nru libtommath-1.2.0/debian/patches/series 
libtommath-1.2.0/debian/patches/series
--- libtommath-1.2.0/debian/patches/series      2021-02-07 11:58:15.000000000 
+0100
+++ libtommath-1.2.0/debian/patches/series      2024-04-04 22:20:38.000000000 
+0200
@@ -2,3 +2,4 @@
 remove-undefined-macro
 fix-shift-count-overflow-on-x32
 use-utc-timezone
+CVE-2023-36328.patch
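Review bot: the new series entry "CVE-2023-36328.patch" carries a ".patch" suffix while the three existing entries ("remove-undefined-macro", "fix-shift-count-overflow-on-x32", "use-utc-timezone") have none; quilt accepts both, but keeping one naming convention avoids confusion in later updates. The name does match the file added in the debdiff ("debian/patches/CVE-2023-36328.patch"), so the series line itself is correct.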

--- End Message ---
--- Begin Message ---
Version: 12.6

The upload requested in this bug has been released as part of 12.6.

--- End Message ---
