Package: release.debian.org Severity: normal Tags: buster User: release.debian....@packages.debian.org Usertags: pu
Dear Release Team, I have just uploaded libsolv/0.6.35-2+deb10u1 to buster. + * debian/patches: + + CVE-2019-20387: Add 0001_CVE-2019-20387.patch. Resolves heap-based buffer + over-read in repodata.c (Closes: #949611). -> ... fixing CVE-2019-20387. + + 1006_various-types.patch: Trivial rebase. + -> ... and fixing lines in patch 1006. Greets, Mike -- System Information: Debian Release: 10.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
diff -Nru libsolv-0.6.35/debian/changelog libsolv-0.6.35/debian/changelog --- libsolv-0.6.35/debian/changelog 2018-09-03 11:14:21.000000000 +0200 +++ libsolv-0.6.35/debian/changelog 2020-01-30 22:35:28.000000000 +0100 @@ -1,3 +1,12 @@ +libsolv (0.6.35-2+deb10u1) buster; urgency=medium + + * debian/patches: + + CVE-2019-20387: Add 0001_CVE-2019-20387.patch. Resolves heap-based buffer + over-read in repodata.c (Closes: #949611). + + 1006_various-types.patch: Trivial rebase. + + -- Mike Gabriel <mike.gabr...@das-netzwerkteam.de> Thu, 30 Jan 2020 22:35:28 +0100 + libsolv (0.6.35-2) unstable; urgency=medium * debian/changelog: White-space cleanup in previous stanza. diff -Nru libsolv-0.6.35/debian/patches/0001_CVE-2019-20387.patch libsolv-0.6.35/debian/patches/0001_CVE-2019-20387.patch --- libsolv-0.6.35/debian/patches/0001_CVE-2019-20387.patch 1970-01-01 01:00:00.000000000 +0100 +++ libsolv-0.6.35/debian/patches/0001_CVE-2019-20387.patch 2020-01-30 18:50:22.000000000 +0100 @@ -0,0 +1,32 @@ +From fdb9c9c03508990e4583046b590c30d958f272da Mon Sep 17 00:00:00 2001 +From: Zhipeng Xie <xiezhipe...@huawei.com> +Date: Tue, 6 Aug 2019 09:50:57 +0800 +Subject: [PATCH] repodata_schema2id: fix heap-buffer-overflow in memcmp + +When the length of last schema in data->schemadata is +less than length of input schema, we got a read overflow +in asan test. + +Signed-off-by: Zhipeng Xie <xiezhipe...@huawei.com> +--- + src/repodata.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/src/repodata.c ++++ b/src/repodata.c +@@ -205,11 +205,13 @@ + cid = schematahash[h]; + if (cid) + { +- if (!memcmp(data->schemadata + data->schemata[cid], schema, len * sizeof(Id))) ++ if ((data->schemata[cid] + len <= data->schemadatalen) && ++ !memcmp(data->schemadata + data->schemata[cid], schema, len * sizeof(Id))) + return cid; + /* cache conflict, do a slow search */ + for (cid = 1; cid < data->nschemata; cid++) +- if (!memcmp(data->schemadata + data->schemata[cid], schema, len * sizeof(Id))) ++ if ((data->schemata[cid] + len <= data->schemadatalen) && ++ !memcmp(data->schemadata + data->schemata[cid], schema, len * sizeof(Id))) + return cid; + } + /* a new one */ diff -Nru libsolv-0.6.35/debian/patches/1006_various-types.patch libsolv-0.6.35/debian/patches/1006_various-types.patch --- libsolv-0.6.35/debian/patches/1006_various-types.patch 2018-08-20 12:35:15.000000000 +0200 +++ libsolv-0.6.35/debian/patches/1006_various-types.patch 2020-01-30 22:35:14.000000000 +0100 @@ -87,7 +87,7 @@ *-l* 'PKGSPEC':: --- a/src/rules.c +++ b/src/rules.c -@@ -1583,7 +1583,7 @@ +@@ -1607,7 +1607,7 @@ if (allowedarchs.count && pool->implicitobsoleteusescolors && installed && bestscore) { diff -Nru libsolv-0.6.35/debian/patches/series libsolv-0.6.35/debian/patches/series --- libsolv-0.6.35/debian/patches/series 2018-04-24 12:45:47.000000000 +0200 +++ libsolv-0.6.35/debian/patches/series 2020-01-30 22:35:14.000000000 +0100 @@ -1,2 +1,3 @@ 1004_cmake-module-path-fix.patch 1006_various-types.patch +0001_CVE-2019-20387.patch