On Fri, 2016-06-17 at 05:00 +0200, Andreas Bombe wrote:
> On Mon, Jun 13, 2016 at 09:26:52AM +0200, Petter Reinholdtsen wrote:
[...]
> >   <URL: https://security-tracker.debian.org/tracker/CVE-2016-4804 >
> >   <URL: https://security-tracker.debian.org/tracker/CVE-2016-4804 >.
> > 
> > The issues were fixed in Wheezy by the LTS team (DLA-474-1) and are also
> > fixed in unstable.  I would like to get it fixed in stable too, to get
> > it out of my debsecan list.
> > 
> > The attached patch is based on the patches in wheezy, and should solve
> > the problems.
> > 
> > Is it OK to upload the fix for stable?
> 
> Yes, please go ahead after taking into account the remark below. Thank
> you.

Note that Andreas is not a member of the release team.

> > I plan to push the changes to a debian/jessie branch on collab-maint
> > once I know the changes are acceptable for a stable update.
> > 
> > > --- /dev/null
> > +++ b/debian/patches/CVE-2015-8872.diff
> > @@ -0,0 +1,22 @@
> > +https://github.com/dosfstools/dosfstools/commit/07908124838afcc99c577d1d3e84cef2dbd39cb7
> > +
> > +Index: dosfstools-collab/src/fat.c
> > +===================================================================
> > +--- dosfstools-collab.orig/src/fat.c 2016-06-13 08:07:44.669688617
> > +0200
> > ++++ dosfstools-collab/src/fat.c 2016-06-13 08:07:44.665688587 +0200
> > +@@ -197,10 +197,12 @@
> > + data[1] = new >> 4;
> > + } else {
> > + FAT_ENTRY subseqEntry;
> > +- get_fat(&subseqEntry, fs->fat, cluster + 1, fs);
> > ++ if (cluster != fs->clusters - 1)
> > ++ get_fat(&subseqEntry, fs->fat, cluster + 1, fs);
> > ++ else
> > ++ subseqEntry.value = 0;
> > + data[0] = new & 0xff;
> > +- data[1] = (new >> 8) | (cluster == fs->clusters - 1 ? 0 :
> > +- (0xff & subseqEntry.value) << 4);
> > ++ data[1] = (new >> 8) | ((0xff & subseqEntry.value) << 4);
> > + }
> > + size = 2;
> > + break;
> 
> This is commit 39ce90fe7 [*] which fixed a possible read access one byte
> beyond the end of an array, pretty harmless since the value wouldn't be
> used when the read shouldn't have happened. The following commit
> 079081248 is the meatier of the fixes and the one actually fixing the
> CVE (and the one referenced in the URL above). It needs to be integrated
> here.
> 
> [*]
> https://github.com/dosfstools/dosfstools/commit/39ce90fe75661ed8842551cd44ea7fec278a60a1

If this is accurate, please can we have a new debdiff.

Regards,

Adam
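Review bot: the patch metadata in debian/patches/CVE-2015-8872.diff does not match its body. The header line cites commit 07908124838afcc99c577d1d3e84cef2dbd39cb7, but the only hunk (fat.c @@ -197,10 +197,12 @@) is the 39ce90fe7 change that hoists the `cluster != fs->clusters - 1` test in front of `get_fat()` so the entry for `cluster + 1` is never fetched for the last cluster; either the cited URL should be changed to the commit the hunk really contains, or the file should additionally carry the 079081248 change so that a patch named after the CVE actually fixes it. The hunk's new code is otherwise sound: `subseqEntry.value = 0` in the else branch reproduces the `? 0 :` that the old expression applied, and only `.value` is read afterwards, so the partly initialised `FAT_ENTRY` causes no problem. Also worth checking before the new debdiff is uploaded: the quoted `--- dosfstools-collab.orig/src/fat.c` header is wrapped with `+0200` on its own line, which may be mail wrapping but would make the patch fail to apply if it is in the file itself.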
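To make the one-byte overread discussed above concrete, here is an added example (written for this page, not dosfstools code and not from any message in the thread): a constructed FAT12 model whose byte accessor counts reads past the end instead of faulting, with the even-cluster write path in both its pre-39ce90fe7 form and its patched form. The names fat12_t, rd, fat12_get, fat12_set_even and the 7-entry table are assumptions of this example only.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed FAT12 model: 12-bit entries packed 1.5 bytes each, len =
 * ceil(n_entries*3/2); reads go through rd() so an access past len is counted. */
typedef struct { uint8_t *bytes; size_t len; uint32_t n_entries; unsigned oob_reads; } fat12_t;

static uint8_t rd(fat12_t *f, size_t off) {
    if (off >= f->len) { f->oob_reads++; return 0; }   /* would be UB in real code */
    return f->bytes[off];
}

uint16_t fat12_get(fat12_t *f, uint32_t cluster) {
    size_t off = cluster * 3 / 2;
    uint16_t v = (uint16_t)(rd(f, off) | (rd(f, off + 1) << 8));
    return (cluster & 1) ? (v >> 4) : (v & 0xfff);
}

/* Even-cluster path of set_fat(): the high nibble of data[1] belongs to
 * cluster + 1 and must be preserved. fixed == 0 mirrors the pre-39ce90fe7 logic
 * (fetch cluster + 1 unconditionally, mask it out for the last cluster);
 * fixed != 0 mirrors the patched logic (skip the fetch for the last cluster). */
void fat12_set_even(fat12_t *f, uint32_t cluster, uint16_t val, int fixed) {
    uint8_t *data = f->bytes + cluster * 3 / 2;
    int last = (cluster == f->n_entries - 1);
    uint16_t subseq = 0;
    if (!fixed || !last)
        subseq = fat12_get(f, cluster + 1);
    data[0] = val & 0xff;
    data[1] = (uint8_t)((val >> 8) | (last ? 0 : (subseq & 0xf) << 4));
}

/* 7 entries in 11 bytes: the last cluster (6) is even, so fetching cluster 7
 * reads byte 11, one past the end. Returns the OOB read count (99 on corruption). */
unsigned oob_reads_writing_last_cluster(int fixed) {
    uint8_t buf[11] = {0};
    fat12_t f = { buf, sizeof buf, 7, 0 };
    fat12_set_even(&f, 6, 0xff8, fixed);
    return fat12_get(&f, 6) == 0xff8 ? f.oob_reads : 99;
}

/* Writing even cluster 4 must leave hand-packed odd cluster 5 (0xabc) intact. */
int neighbour_preserved(int fixed) {
    uint8_t buf[11] = {0};
    fat12_t f = { buf, sizeof buf, 7, 0 };
    buf[7] = 0xc0; buf[8] = 0xab;
    fat12_set_even(&f, 4, 0x005, fixed);
    return fat12_get(&f, 4) == 0x005 && fat12_get(&f, 5) == 0xabc;
}
```

The unpatched path provokes exactly one out-of-bounds byte read for the last cluster and the patched path none, while both keep the neighbouring odd entry intact.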