Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: t...@security.debian.org
Dear release team, dear security team,

I added a patch to libsignal-protocol-c and uploaded it to unstable. It fixes https://security-tracker.debian.org/tracker/CVE-2022-48468 in an embedded code copy. Please let it go into bookworm.

Thanks!

Cheers
diff -Nru libsignal-protocol-c-2.3.3/debian/changelog libsignal-protocol-c-2.3.3/debian/changelog --- libsignal-protocol-c-2.3.3/debian/changelog 2023-01-13 00:49:29.000000000 +0000 +++ libsignal-protocol-c-2.3.3/debian/changelog 2023-04-20 21:52:41.000000000 +0000 @@ -1,3 +1,10 @@ +libsignal-protocol-c (2.3.3-3) unstable; urgency=medium + + * Add patch to fix unsigned integer overflow in protobuf code + CVE: https://security-tracker.debian.org/tracker/CVE-2022-48468 + + -- Martin <deba...@debian.org> Thu, 20 Apr 2023 21:52:41 +0000 + libsignal-protocol-c (2.3.3-2) unstable; urgency=medium * Bump debhelper compat diff -Nru libsignal-protocol-c-2.3.3/debian/patches/fix-unsigned-integer-overflow.patch libsignal-protocol-c-2.3.3/debian/patches/fix-unsigned-integer-overflow.patch --- libsignal-protocol-c-2.3.3/debian/patches/fix-unsigned-integer-overflow.patch 1970-01-01 00:00:00.000000000 +0000 +++ libsignal-protocol-c-2.3.3/debian/patches/fix-unsigned-integer-overflow.patch 2023-04-20 21:49:54.000000000 +0000 
@@ -0,0 +1,30 @@ +Description: Fix unsigned integer overflow + and fix regression caused by that fix + related CVE: + https://security-tracker.debian.org/tracker/CVE-2022-48468 +Author: 10054172 <hui.zh...@thalesgroup.com>, Todd C. Miller <todd.mil...@sudo.ws> +Origin: other +Bug: https://github.com/protobuf-c/protobuf-c/issues/499 +Last-Update: 2023-04-20 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/src/protobuf-c/protobuf-c.c ++++ b/src/protobuf-c/protobuf-c.c +@@ -2456,10 +2456,13 @@ + return FALSE; + + def_mess = scanned_member->field->default_value; +- subm = protobuf_c_message_unpack(scanned_member->field->descriptor, +- allocator, +- len - pref_len, +- data + pref_len); ++ if (len >= pref_len) ++ subm = protobuf_c_message_unpack(scanned_member->field->descriptor, ++ allocator, ++ len - pref_len, ++ data + pref_len); ++ else ++ subm = NULL; + + if (maybe_clear && + *pmessage != NULL && diff -Nru libsignal-protocol-c-2.3.3/debian/patches/series libsignal-protocol-c-2.3.3/debian/patches/series --- libsignal-protocol-c-2.3.3/debian/patches/series 2023-01-13 00:49:29.000000000 +0000 +++ libsignal-protocol-c-2.3.3/debian/patches/series 2023-04-20 21:45:25.000000000 +0000 @@ -1 +1,2 @@ full-library-version-soname.patch +fix-unsigned-integer-overflow.patch
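Review bot: The changelog entry in the debian/changelog hunk says "unsigned integer overflow in protobuf code" but does not say that the affected code is the embedded copy of protobuf-c at src/protobuf-c/protobuf-c.c, which is what the new patch touches; naming the embedded copy and the patch file (debian/patches/fix-unsigned-integer-overflow.patch) in the entry makes it clear to the security team that bundled code is being fixed rather than the system libprotobuf-c package.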
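Review bot: The guard `if (len >= pref_len)` in the protobuf-c.c hunk stops `len - pref_len` from wrapping around when a length-prefixed message field carries a prefix longer than the remaining data, but the hunk ends at `*pmessage != NULL &&`, before the code that consumes `subm`, so confirm that the existing lines below treat `subm == NULL` as a failed parse (returning FALSE) rather than as a valid empty submessage. Using `>=` rather than `>` is the right choice and is what the header's "fix regression caused by that fix" refers to: `len == pref_len` is a legitimate zero-length embedded message and with `>=` still reaches protobuf_c_message_unpack with a length of 0. On the DEP-3 header: `Origin: other` is used while `Bug:` points at the upstream protobuf-c issue; if the two changes correspond to upstream commits, `Origin: upstream` with the commit URLs (not included here) would be more precise, and the leftover template line `This patch header follows DEP-3: http://dep.debian.net/deps/dep3/` after the `---` separator can be dropped.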