Package: release.debian.org Severity: normal Tags: stretch User: release.debian....@packages.debian.org Usertags: pu
This is a proposal to fix CVE-2019-7659 in stretch.
The update also addresses one additional advisory published by the
upstream developers.
debdiff is attached.
gsoap (2.8.35-4+deb9u2) stretch; urgency=medium
* Fix for CVE-2019-7659
Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a
denial of service (application abort) or possibly have unspecified other
impact if a server application is built with the -DWITH_COOKIES flag. This
affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++
libraries, as these are built with that flag.
* Fix issue with DIME protocol receiver and malformed DIME headers
This patch addresses a critical issue with the DIME protocol receiver that
may cause the receiver to become unresponsive when a malformed DIME
protocol message is received. -- https://www.genivia.com/advisory.html
Mattias Ellert
diff -Nru gsoap-2.8.35/debian/changelog gsoap-2.8.35/debian/changelog --- gsoap-2.8.35/debian/changelog 2017-08-16 11:58:11.000000000 +0200 +++ gsoap-2.8.35/debian/changelog 2019-02-14 17:12:12.000000000 +0100 @@ -1,3 +1,18 @@ +gsoap (2.8.35-4+deb9u2) stretch; urgency=medium + + * Fix for CVE-2019-7659 + Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a + denial of service (application abort) or possibly have unspecified other + impact if a server application is built with the -DWITH_COOKIES flag. This + affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ + libraries, as these are built with that flag. + * Fix issue with DIME protocol receiver and malformed DIME headers + This patch addresses a critical issue with the DIME protocol receiver that + may cause the receiver to become unresponsive when a malformed DIME + protocol message is received. -- https://www.genivia.com/advisory.html + + -- Mattias Ellert <mattias.ell...@physics.uu.se> Thu, 14 Feb 2019 17:12:12 +0100 + gsoap (2.8.35-4+deb9u1) stretch; urgency=medium * Fix for CVE-2017-9765 diff -Nru gsoap-2.8.35/debian/patches/gsoap-CVE-2019-7659.patch gsoap-2.8.35/debian/patches/gsoap-CVE-2019-7659.patch --- gsoap-2.8.35/debian/patches/gsoap-CVE-2019-7659.patch 1970-01-01 01:00:00.000000000 +0100 +++ gsoap-2.8.35/debian/patches/gsoap-CVE-2019-7659.patch 2019-02-14 17:12:12.000000000 +0100 @@ -0,0 +1,50 @@ +diff -ur gsoap-2.8.35.orig/gsoap/stdsoap2.c gsoap-2.8.35/gsoap/stdsoap2.c +--- gsoap-2.8.35.orig/gsoap/stdsoap2.c 2016-09-18 10:56:10.000000000 +0200 ++++ gsoap-2.8.35/gsoap/stdsoap2.c 2019-02-13 17:21:44.188000000 +0100 +@@ -7037,11 +7037,12 @@ + + #ifndef PALM_1 + SOAP_FMAC1 +-size_t ++int + SOAP_FMAC2 +-soap_encode_url(const char *s, char *t, size_t len) ++soap_encode_url(const char *s, char *t, int len) + { int c; +- size_t n = len; ++ int n = len; ++ if (n <= 0) return 0; + while ((c = *s++) && --n > 0) + { if (c > ' ' && c < 128 && !strchr("()<>@,;:\\\"/[]?={}#!$&'*+", c)) + *t++ = c; +diff -ur gsoap-2.8.35.orig/gsoap/stdsoap2.cpp gsoap-2.8.35/gsoap/stdsoap2.cpp +--- gsoap-2.8.35.orig/gsoap/stdsoap2.cpp 2016-09-18 10:56:10.000000000 +0200 ++++ gsoap-2.8.35/gsoap/stdsoap2.cpp 2019-02-13 17:21:44.188000000 +0100 +@@ -7037,11 +7037,12 @@ + + #ifndef PALM_1 + SOAP_FMAC1 +-size_t ++int + SOAP_FMAC2 +-soap_encode_url(const char *s, char *t, size_t len) ++soap_encode_url(const char *s, char *t, int len) + { int c; +- size_t n = len; ++ int n = len; ++ if (n <= 0) return 0; + while ((c = *s++) && --n > 0) + { if (c > ' ' && c < 128 && !strchr("()<>@,;:\\\"/[]?={}#!$&'*+", c)) + *t++ = c; +diff -ur gsoap-2.8.35.orig/gsoap/stdsoap2.h gsoap-2.8.35/gsoap/stdsoap2.h +--- gsoap-2.8.35.orig/gsoap/stdsoap2.h 2016-09-18 10:56:10.000000000 +0200 ++++ gsoap-2.8.35/gsoap/stdsoap2.h 2019-02-13 17:19:31.088000000 +0100 +@@ -3380,7 +3380,7 @@ + SOAP_FMAC1 const char* SOAP_FMAC2 soap_extend_url(struct soap *soap, const char*, const char*); + SOAP_FMAC1 const char* SOAP_FMAC2 soap_extend_url_query(struct soap *soap, const char*, const char*); + SOAP_FMAC1 void SOAP_FMAC2 soap_url_query(struct soap *soap, const char*, const char*); +-SOAP_FMAC1 size_t SOAP_FMAC2 soap_encode_url(const char*, char*, size_t); ++SOAP_FMAC1 int SOAP_FMAC2 soap_encode_url(const char*, char*, int); + SOAP_FMAC1 const char* SOAP_FMAC2 soap_encode_url_string(struct soap*, const char*); + #ifdef WITH_COOKIES + SOAP_FMAC1 void SOAP_FMAC2 soap_getcookies(struct soap *soap, const char *val); diff -Nru gsoap-2.8.35/debian/patches/gsoap-malformed-DIME.patch gsoap-2.8.35/debian/patches/gsoap-malformed-DIME.patch --- gsoap-2.8.35/debian/patches/gsoap-malformed-DIME.patch 1970-01-01 01:00:00.000000000 +0100 +++ gsoap-2.8.35/debian/patches/gsoap-malformed-DIME.patch 2019-02-13 17:12:41.000000000 +0100 @@ -0,0 +1,22 @@ +diff -ur gsoap-2.8.orig/gsoap/stdsoap2.c gsoap-2.8/gsoap/stdsoap2.c +--- gsoap-2.8.orig/gsoap/stdsoap2.c 2017-07-11 03:51:16.000000000 +0200 ++++ gsoap-2.8/gsoap/stdsoap2.c 2018-04-18 16:09:06.340071192 +0200 +@@ -16965,7 +16965,6 @@ + return soap->error = SOAP_CHK_EOF; + soap_unget(soap, soap_getchar(soap)); /* skip padding and get hdr */ + DBGLOG(TEST, SOAP_MESSAGE(fdebug, "... From chunked\n")); +- return SOAP_OK; + } + s = (char*)tmp; + for (i = 12; i > 0; i--) +diff -ur gsoap-2.8.orig/gsoap/stdsoap2.cpp gsoap-2.8/gsoap/stdsoap2.cpp +--- gsoap-2.8.orig/gsoap/stdsoap2.cpp 2017-07-11 03:51:16.000000000 +0200 ++++ gsoap-2.8/gsoap/stdsoap2.cpp 2018-04-18 16:09:06.340071192 +0200 +@@ -16965,7 +16965,6 @@ + return soap->error = SOAP_CHK_EOF; + soap_unget(soap, soap_getchar(soap)); /* skip padding and get hdr */ + DBGLOG(TEST, SOAP_MESSAGE(fdebug, "... From chunked\n")); +- return SOAP_OK; + } + s = (char*)tmp; + for (i = 12; i > 0; i--) diff -Nru gsoap-2.8.35/debian/patches/series gsoap-2.8.35/debian/patches/series --- gsoap-2.8.35/debian/patches/series 2017-08-16 11:57:36.000000000 +0200 +++ gsoap-2.8.35/debian/patches/series 2019-02-14 17:12:12.000000000 +0100 @@ -13,3 +13,9 @@ # CVE-2017-9765 gsoap-CVE-2017-9765.patch + +# Fix issue with DIME protocol receiver and malformed DIME headers +gsoap-malformed-DIME.patch + +# CVE-2019-7659 +gsoap-CVE-2019-7659.patch
signature.asc
Description: This is a digitally signed message part
