Control: tags 860940 + patch
Control: tags 860940 + pending

Dear maintainer,

I've prepared an NMU for minicom (versioned as 2.7-1.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
diff -Nru minicom-2.7/debian/changelog minicom-2.7/debian/changelog
--- minicom-2.7/debian/changelog	2014-01-01 10:28:01.000000000 +0100
+++ minicom-2.7/debian/changelog	2017-04-22 11:14:19.000000000 +0200
@@ -1,3 +1,11 @@
+minicom (2.7-1.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Add ARRAY_SIZE macro
+  * CVE-2017-7467: Out of bounds write in vt100.c (Closes: #860940)
+
+ -- Salvatore Bonaccorso <car...@debian.org>  Sat, 22 Apr 2017 11:14:19 +0200
+
 minicom (2.7-1) unstable; urgency=low
 
   * New upstream release, closes: #707564 (configurable status line).
diff -Nru minicom-2.7/debian/patches/Add-ARRAY_SIZE-macro.diff minicom-2.7/debian/patches/Add-ARRAY_SIZE-macro.diff
--- minicom-2.7/debian/patches/Add-ARRAY_SIZE-macro.diff	1970-01-01 01:00:00.000000000 +0100
+++ minicom-2.7/debian/patches/Add-ARRAY_SIZE-macro.diff	2017-04-22 11:14:19.000000000 +0200
@@ -0,0 +1,19 @@
+# HG changeset patch
+# User Adam Lackorzynski <a...@os.inf.tu-dresden.de>
+# Date 1440364600 -7200
+# Node ID 4eff7b4cde33a56d9caf64e44722186c89e26922
+# Parent  3cb4335d5819099c85a30dae714f0a213fa4a44c
+Add ARRAY_SIZE macro
+
+diff -r 3cb4335d5819 -r 4eff7b4cde33 src/minicom.h
+--- a/src/minicom.h	Mon Jun 29 21:16:14 2015 +0200
++++ b/src/minicom.h	Sun Aug 23 23:16:40 2015 +0200
+@@ -303,6 +303,7 @@
+ int lockfile_create(int no_msgs);
+ void lockfile_remove(void);
+ 
++#define ARRAY_SIZE(a) (sizeof(a) / sizeof(a[0]))
+ 
+ 
+ /* We want the ANSI offsetof macro to do some dirty stuff. */
+
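Review bot: In the added `#define ARRAY_SIZE(a) (sizeof(a) / sizeof(a[0]))` line, the argument is not parenthesized in `a[0]`, and the macro silently yields a wrong count if it is ever handed a pointer instead of an array. Suggest `(sizeof(a) / sizeof((a)[0]))` plus a one-line comment that it is valid only for true arrays, since the CVE-2017-7467 patch in this same upload relies on it for a bounds check.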
diff -Nru minicom-2.7/debian/patches/CVE-2017-7467.diff minicom-2.7/debian/patches/CVE-2017-7467.diff
--- minicom-2.7/debian/patches/CVE-2017-7467.diff	1970-01-01 01:00:00.000000000 +0100
+++ minicom-2.7/debian/patches/CVE-2017-7467.diff	2017-04-22 11:14:19.000000000 +0200
@@ -0,0 +1,33 @@
+# HG changeset patch
+# User Adam Lackorzynski <a...@os.inf.tu-dresden.de>
+# Date 1492510834 -7200
+# Node ID c33d24938f3ed3dc2b7d328fe255794468a814eb
+# Parent  c72edf0e43bca463239ea15594d128ecbc0d2574
+Fix CVE-2017-7467, a remote exploitalbe out of bound access
+
+This fixes an out of bounds data access that can lead to a
+remotely exploitable code execution.
+
+This issue was found by Solar Designer of Openwall during a
+security audit of the Virtuozzo 7 product, which contains
+derived downstream code in its prl-vzvncserver component.
+The corresponding Virtuozzo 7 fix is:
+
+https://src.openvz.org/projects/OVZ/repos/prl-vzvncserver/commits/6d95404e75b98f36b1cc85ee23df99dcf06ca13f
+
+Openwall would like to thank the Virtuozzo company for
+funding the effort.
+
+diff -r c72edf0e43bc -r c33d24938f3e src/vt100.c
+--- a/src/vt100.c	Sat Sep 17 02:17:37 2016 +0200
++++ b/src/vt100.c	Tue Apr 18 12:20:34 2017 +0200
+@@ -428,7 +428,7 @@
+   }
+   /* Separation between numbers ? */
+   if (c == ';') {
+-    if (ptr < 15)
++    if (ptr < (int)ARRAY_SIZE(escparms) - 1)
+       ptr++;
+     return;
+   }
+
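Review bot: The new bound in `if (ptr < (int)ARRAY_SIZE(escparms) - 1)` is only correct if `escparms` is a real array in scope at this point in src/vt100.c. Its declaration is outside the hunk context, so confirm it is not a pointer, in which case the macro would evaluate to the pointer size divided by the element size. The hunk also guards only the `;` increment of `ptr`; check that no other path in this function advances `ptr` before it is used to index `escparms`.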
diff -Nru minicom-2.7/debian/patches/series minicom-2.7/debian/patches/series
--- minicom-2.7/debian/patches/series	2014-01-01 10:21:15.000000000 +0100
+++ minicom-2.7/debian/patches/series	2017-04-22 11:14:19.000000000 +0200
@@ -2,3 +2,5 @@
 01manual.diff
 03norzsz.diff
 470582_history_buffer_msg.diff
+Add-ARRAY_SIZE-macro.diff
+CVE-2017-7467.diff
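Review bot: The order of the two added entries is load-bearing and nothing records that: CVE-2017-7467.diff uses ARRAY_SIZE, which exists only once Add-ARRAY_SIZE-macro.diff has been applied. Suggest stating the dependency in the CVE-2017-7467.diff header so that a later reorder, or a backport that picks only the CVE patch, does not break the build.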
