Subject: buster-pu: package lwip/2.0.3-3
Package: release.debian.org
User: release.debian....@packages.debian.org
Usertags: pu
Tags: buster
Severity: normal
Hi,

I fixed CVE-2020-8597 in unstable and testing, and would like to upload the fix to buster. Attached is the debdiff.

[1] https://security-tracker.debian.org/tracker/CVE-2020-8597

-- System Information:
Debian Release: 10.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.2.0-0.bpo.3-amd64 (SMP w/8 CPU cores)
Locale: LANG=ca_ES.UTF-8, LC_CTYPE=ca_ES.UTF-8 (charmap=UTF-8), LANGUAGE=ca_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash

*** /home/jlledom/debdiff.diff
diff -Nru lwip-2.0.3/debian/changelog lwip-2.0.3/debian/changelog --- lwip-2.0.3/debian/changelog 2018-11-04 00:25:58.000000000 +0100 +++ lwip-2.0.3/debian/changelog 2020-03-21 09:02:20.000000000 +0100 @@ -1,3 +1,9 @@ +lwip (2.0.3-3+deb10u1) buster; urgency=high + + * Fix CVE-2020-8597 + + -- Joan Lledó <jlle...@member.fsf.org> Sat, 21 Mar 2020 09:02:20 +0100 + lwip (2.0.3-3) unstable; urgency=medium [ Samuel Thibault ] diff -Nru lwip-2.0.3/debian/patches/CVE-2020-8597 lwip-2.0.3/debian/patches/CVE-2020-8597 --- lwip-2.0.3/debian/patches/CVE-2020-8597 1970-01-01 01:00:00.000000000 +0100 +++ lwip-2.0.3/debian/patches/CVE-2020-8597 2020-03-14 10:00:49.000000000 +0100 
@@ -0,0 +1,20 @@ +--- a/src/netif/ppp/eap.c ++++ b/src/netif/ppp/eap.c +@@ -1417,7 +1417,7 @@ + } + + /* Not so likely to happen. */ +- if (vallen >= len + sizeof (rhostname)) { ++ if (len - vallen >= (int)sizeof (rhostname)) { + ppp_dbglog("EAP: trimming really long peer name down"); + MEMCPY(rhostname, inp + vallen, sizeof (rhostname) - 1); + rhostname[sizeof (rhostname) - 1] = '\0'; +@@ -1845,7 +1845,7 @@ + } + + /* Not so likely to happen. */ +- if (vallen >= len + sizeof (rhostname)) { ++ if (len - vallen >= (int)sizeof (rhostname)) { + ppp_dbglog("EAP: trimming really long peer name down"); + MEMCPY(rhostname, inp + vallen, sizeof (rhostname) - 1); + rhostname[sizeof (rhostname) - 1] = '\0'; diff -Nru lwip-2.0.3/debian/patches/series lwip-2.0.3/debian/patches/series --- lwip-2.0.3/debian/patches/series 2018-08-30 10:47:30.000000000 +0200 +++ lwip-2.0.3/debian/patches/series 2020-03-14 10:02:04.000000000 +0100 @@ -1,3 +1,4 @@ +CVE-2020-8597 port posix errno
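Review bot: the changelog hunk for 2.0.3-3+deb10u1 says only `* Fix CVE-2020-8597`, which tells a stable user nothing about what was wrong or where; name the affected code in the entry, e.g. `* Fix CVE-2020-8597: wrong bounds check on the peer name in src/netif/ppp/eap.c (EAP)`, and add the usual `(Closes: #nnnnnn)` if a Debian bug was filed for it. `urgency=high` is appropriate for a security fix and can stay.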
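Review bot: in the two eap.c hunks (lines 1417 and 1845) the new condition `len - vallen >= (int)sizeof (rhostname)` only selects the trimmed copy correctly if `len - vallen` cannot be negative at this point. The `(int)` cast makes the comparison signed, so a negative difference would skip the trim branch and reach the untrimmed copy, whereas the old expression's size_t promotion would have sent it to the trim branch. Neither hunk's context shows the earlier `vallen` vs `len` length check this depends on, so add a one-line comment above the `if` stating that `vallen <= len` has already been verified, or make the check explicit (`if (vallen > len || len - vallen >= (int)sizeof (rhostname))`) so the hunk is safe on its own. The patch file also has no DEP-3 header: add `Description:`, `Origin:` (the upstream commit it is taken from) and `Bug-Debian:` / `Applied-Upstream:` lines to debian/patches/CVE-2020-8597 so the provenance of the fix is recorded.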
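Review bot: the series hunk inserts `CVE-2020-8597` at the top of debian/patches/series, ahead of the existing `port`, `posix` and `errno` patches; unless it has to apply before them, append it at the end so the series keeps its chronological order and the existing patches do not need refreshing. Consider also naming the file `CVE-2020-8597.patch`, the usual convention, so the entry is recognisable as a patch at a glance.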