Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian....@packages.debian.org
Usertags: pu

Hello,

recently a buffer overflow in c-ares has been fixed and the Security Team asked me to prepare an upload to stretch (see #865360). Attached you'll find the debdiff.

Thanks,
Gregor

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff -Nru c-ares-1.12.0/debian/changelog c-ares-1.12.0/debian/changelog --- c-ares-1.12.0/debian/changelog 2016-09-29 18:19:09.000000000 +0200 +++ c-ares-1.12.0/debian/changelog 2017-06-26 22:00:03.000000000 +0200 @@ -1,3 +1,9 @@ +c-ares (1.12.0-1+deb9u1) stretch; urgency=medium + + * Add patch for CVE-2017-1000381 (Closes: #865360) + + -- Gregor Jasny <gja...@googlemail.com> Mon, 26 Jun 2017 22:00:03 +0200 + c-ares (1.12.0-1) unstable; urgency=high [ Daniel Stenberg ] diff -Nru c-ares-1.12.0/debian/gbp.conf c-ares-1.12.0/debian/gbp.conf --- c-ares-1.12.0/debian/gbp.conf 2016-02-12 22:09:13.000000000 +0100 +++ c-ares-1.12.0/debian/gbp.conf 2017-06-26 22:00:03.000000000 +0200 @@ -1,6 +1,6 @@ [DEFAULT] upstream-branch = upstream -debian-branch = master +debian-branch = stretch upstream-tag = upstream/%(version)s debian-tag = debian/%(version)s pristine-tar = True diff -Nru c-ares-1.12.0/debian/patches/CVE-2017-1000381.diff c-ares-1.12.0/debian/patches/CVE-2017-1000381.diff --- c-ares-1.12.0/debian/patches/CVE-2017-1000381.diff 1970-01-01 01:00:00.000000000 +0100 +++ c-ares-1.12.0/debian/patches/CVE-2017-1000381.diff 2017-06-26 22:00:03.000000000 +0200 
@@ -0,0 +1,30 @@ +Origin: upstream, e1f43d4d7e89ef8db479d6efd0389c6b6ee1d116 +From: David Drysdale <drysd...@google.com> +Date: Mon, 22 May 2017 10:54:10 +0100 +Subject: [PATCH 5/5] ares_parse_naptr_reply: check sufficient data +Bug-Debian: http://bugs.debian.org/865360 + +Check that there is enough data for the required elements +of an NAPTR record (2 int16, 3 bytes for string lengths) +before processing a record. + +--- a/ares_parse_naptr_reply.c ++++ b/ares_parse_naptr_reply.c +@@ -110,6 +110,12 @@ + status = ARES_EBADRESP; + break; + } ++ /* RR must contain at least 7 bytes = 2 x int16 + 3 x name */ ++ if (rr_len < 7) ++ { ++ status = ARES_EBADRESP; ++ break; ++ } + + /* Check if we are really looking at a NAPTR record */ + if (rr_class == C_IN && rr_type == T_NAPTR) +@@ -185,4 +191,3 @@ + + return ARES_SUCCESS; + } +- diff -Nru c-ares-1.12.0/debian/patches/series c-ares-1.12.0/debian/patches/series --- c-ares-1.12.0/debian/patches/series 2016-02-12 22:09:13.000000000 +0100 +++ c-ares-1.12.0/debian/patches/series 2017-06-26 22:00:03.000000000 +0200 @@ -1 +1,2 @@ disable-cflags-rewrite.diff +CVE-2017-1000381.diff
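
Review bot: In the debian/gbp.conf hunk, the switch of debian-branch from master to stretch is not mentioned in the new debian/changelog entry, which lists only the CVE-2017-1000381 patch. Add a changelog line for it (for example "* debian/gbp.conf: set debian-branch to stretch") so that every change in the debdiff is accounted for.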
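
Review bot: In the ares_parse_naptr_reply.c hunk at "@@ -110,6 +110,12 @@", the new comment counts the minimum as "2 x int16 + 3 x name", while the patch description says "3 bytes for string lengths"; the two should agree, and "3 x string length byte" matches the description better than "name". The rr_len < 7 check only guarantees that fixed minimum: the visible lines do not show whether each string length read afterwards is also checked against the end of the record, which is worth confirming, and the debdiff carries no test with a truncated NAPTR record.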