On 2014-04-25 16:40:28, Sebastian Ramacher wrote: > Hi Security Team, > > On 2014-04-20 11:59:23, Salvatore Bonaccorso wrote: > > Source: libmms > > Version: 0.6-1 > > Severity: grave > > Tags: security upstream fixed-upstream > > > > Hi, > > > > the following vulnerability was published for libmms. > > > > CVE-2014-2892[0]: > > heap-based buffer overflow > > Please find attached the debdiffs for squeeze and wheezy. Please let me know > if > it's okay to upload them to the squeeze-security and wheezy-security.
And here are the patches. Cheers -- Sebastian Ramacher
diff -u libmms-0.6/debian/changelog libmms-0.6/debian/changelog --- libmms-0.6/debian/changelog +++ libmms-0.6/debian/changelog @@ -1,3 +1,11 @@ +libmms (0.6-1+squeeze2) squeeze-security; urgency=high + + * Team upload. + * debian/patches/0002-CVE-2014-2892.patch: Apply upstream patch for + CVE-2014-2892. (Closes: #745301) + + -- Sebastian Ramacher <sramac...@debian.org> Fri, 25 Apr 2014 16:14:59 +0200 + libmms (0.6-1+squeeze1) stable; urgency=low * Apply patch by Paul Burton cherry-picked from upstream git to fix diff -u libmms-0.6/debian/patches/series libmms-0.6/debian/patches/series --- libmms-0.6/debian/patches/series +++ libmms-0.6/debian/patches/series @@ -4,0 +5 @@ +0002-CVE-2014-2892.patch only in patch2: unchanged: --- libmms-0.6.orig/debian/patches/0002-CVE-2014-2892.patch +++ libmms-0.6/debian/patches/0002-CVE-2014-2892.patch @@ -0,0 +1,22 @@ +Description: Fix heap based buffer overrun +Bug-Debian: https://bugs.debian.org/745301 +Origin: upstream, + http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8 +Last-Update: 2014-04-25 + +diff --git a/src/mmsh.c b/src/mmsh.c +index f7cee4a..bca7fb8 100644 +--- a/src/mmsh.c ++++ b/src/mmsh.c +@@ -307,7 +307,10 @@ static int get_answer (mms_io_t *io, mmsh_t *this) { + len = 0; + } + } else { +- len ++; ++ if (++len >= sizeof(this->buf)) { ++ lprintf("answer too large\n"); ++ return 0; ++ } + } + } + if (this->stream_type == MMSH_UNKNOWN) {
diff -Nru libmms-0.6.2/debian/changelog libmms-0.6.2/debian/changelog --- libmms-0.6.2/debian/changelog 2012-02-14 11:17:26.000000000 +0100 +++ libmms-0.6.2/debian/changelog 2014-04-25 16:15:06.000000000 +0200 @@ -1,3 +1,11 @@ +libmms (0.6.2-3+deb7u1) wheezy-security; urgency=high + + * Team upload. + * debian/patches/0002-CVE-2014-2892.patch: Apply upstream patch for + CVE-2014-2892. (Closes: #745301) + + -- Sebastian Ramacher <sramac...@debian.org> Fri, 25 Apr 2014 16:14:59 +0200 + libmms (0.6.2-3) unstable; urgency=low * Team upload. diff -Nru libmms-0.6.2/debian/gbp.conf libmms-0.6.2/debian/gbp.conf --- libmms-0.6.2/debian/gbp.conf 2011-01-21 11:13:39.000000000 +0100 +++ libmms-0.6.2/debian/gbp.conf 2014-04-25 16:09:10.000000000 +0200 @@ -1,6 +1,6 @@ [DEFAULT] upstream-branch = upstream -debian-branch = master +debian-branch = wheezy upstream-tag = upstream/%(version)s debian-tag = debian/%(version)s pristine-tar = True diff -Nru libmms-0.6.2/debian/patches/0002-CVE-2014-2892.patch libmms-0.6.2/debian/patches/0002-CVE-2014-2892.patch --- libmms-0.6.2/debian/patches/0002-CVE-2014-2892.patch 1970-01-01 01:00:00.000000000 +0100 +++ libmms-0.6.2/debian/patches/0002-CVE-2014-2892.patch 2014-04-25 16:10:12.000000000 +0200 @@ -0,0 +1,22 @@ +Description: Fix heap based buffer overrun +Bug-Debian: https://bugs.debian.org/745301 +Origin: upstream, + http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8 +Last-Update: 2014-04-25 + +diff --git a/src/mmsh.c b/src/mmsh.c +index f7cee4a..bca7fb8 100644 +--- a/src/mmsh.c ++++ b/src/mmsh.c +@@ -307,7 +307,10 @@ static int get_answer (mms_io_t *io, mmsh_t *this) { + len = 0; + } + } else { +- len ++; ++ if (++len >= sizeof(this->buf)) { ++ lprintf("answer too large\n"); ++ return 0; ++ } + } + } + if (this->stream_type == MMSH_UNKNOWN) { diff -Nru libmms-0.6.2/debian/patches/series libmms-0.6.2/debian/patches/series --- libmms-0.6.2/debian/patches/series 2012-02-14 11:03:15.000000000 +0100 +++ libmms-0.6.2/debian/patches/series 2014-04-25 16:10:12.000000000 +0200 @@ -1 +1,2 @@ 0001-Fixup-bswap.h-macros.patch +0002-CVE-2014-2892.patch
signature.asc
Description: Digital signature