Hi, Attached is a (not-yet tested) proposed debdiff for wheezy-security.
Regards, Salvatore
diff -Nru polarssl-1.2.9/debian/changelog polarssl-1.2.9/debian/changelog
--- polarssl-1.2.9/debian/changelog 2014-02-25 20:46:03.000000000 +0100
+++ polarssl-1.2.9/debian/changelog 2014-07-15 06:52:47.000000000 +0200
@@ -1,3 +1,12 @@
+polarssl (1.2.9-1~deb7u3) wheezy-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Add CVE-2014-4911.patch patch.
+ CVE-2014-4911: Fix Denial of Service against GCM enabled servers (and
+ clients). (Closes: #754655)
+
+ -- Salvatore Bonaccorso <[email protected]> Tue, 15 Jul 2014 06:39:38 +0200
+
 polarssl (1.2.9-1~deb7u2) stable-proposed-updates; urgency=medium
 
 * Fix FTBFS bug due to expired certificates, backport from upstream 1.3.4,
diff -Nru polarssl-1.2.9/debian/patches/CVE-2014-4911.patch polarssl-1.2.9/debian/patches/CVE-2014-4911.patch
--- polarssl-1.2.9/debian/patches/CVE-2014-4911.patch 1970-01-01 01:00:00.000000000 +0100
+++ polarssl-1.2.9/debian/patches/CVE-2014-4911.patch 2014-07-15 06:52:47.000000000 +0200
@@ -0,0 +1,43 @@
+Description: Fix CVE-2014-4911
+ Denial of Service against GCM enabled servers (and clients)
+Origin: upstream, https://github.com/polarssl/polarssl/commit/5bad6afd8c72b2c3a6574dff01ca5f8f2f04800a
+Bug-Debian: https://bugs.debian.org/754655
+Forwarded: not-needed
+Author: Salvatore Bonaccorso <[email protected]>
+Last-Update: 2014-07-14
+Applied-Upstream: 1.2.11
+
+--- a/library/ssl_tls.c
++++ b/library/ssl_tls.c
+@@ -1237,6 +1237,9 @@ static int ssl_decrypt_buf( ssl_context
+ size_t dec_msglen;
+ unsigned char add_data[13];
+ int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
++ unsigned char taglen = 16;
++ unsigned char explicit_iv_len = ssl->transform_in->ivlen -
++ ssl->transform_in->fixed_ivlen;
+
+ #if defined(POLARSSL_AES_C) && defined(POLARSSL_GCM_C)
+ if( ssl->session_in->ciphersuite == TLS_RSA_WITH_AES_128_GCM_SHA256 ||
+@@ -1244,11 +1247,16 @@ static int ssl_decrypt_buf( ssl_context
+ ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ||
+ ssl->session_in->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
+ {
+- dec_msglen = ssl->in_msglen - ( ssl->transform_in->ivlen -
+- ssl->transform_in->fixed_ivlen );
+- dec_msglen -= 16;
+- dec_msg = ssl->in_msg + ( ssl->transform_in->ivlen -
+- ssl->transform_in->fixed_ivlen );
++ if( ssl->in_msglen < explicit_iv_len + taglen )
++ {
++ SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) "
++ "+ taglen (%d)", ssl->in_msglen,
++ explicit_iv_len, taglen ) );
++ return( POLARSSL_ERR_SSL_INVALID_MAC );
++ }
++ dec_msglen = ssl->in_msglen - explicit_iv_len - taglen;
++
++ dec_msg = ssl->in_msg + explicit_iv_len;
+ dec_msg_result = ssl->in_msg;
+ ssl->in_msglen = dec_msglen;
+
diff -Nru polarssl-1.2.9/debian/patches/series polarssl-1.2.9/debian/patches/series
--- polarssl-1.2.9/debian/patches/series 2014-02-16 12:14:44.000000000 +0100
+++ polarssl-1.2.9/debian/patches/series 2014-07-15 06:52:47.000000000 +0200
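Review bot: The new guard `if( ssl->in_msglen < explicit_iv_len + taglen )` is only sound while `ssl->transform_in->ivlen - ssl->transform_in->fixed_ivlen` is non-negative and fits the `unsigned char` it is stored in; the field types are not visible here, so confirm that against the 1.2.9 transform structure and state the assumption next to the declaration, e.g. `/* explicit nonce length; must fit in 8 bits (8 for the GCM suites, RFC 5288) */`. The debug call prints `ssl->in_msglen` with `%d`, yet `dec_msglen` is `size_t` and is assigned to it, so the argument is probably `size_t` as well and `(int) ssl->in_msglen` would make the format match. Both new locals are declared above `#if defined(POLARSSL_AES_C) && defined(POLARSSL_GCM_C)` and used inside it, which may produce unused-variable warnings in a build without GCM unless code outside this hunk also uses them (ssl_decrypt_buf starts and ends outside the hunk). Because the debdiff is marked not-yet tested, a regression check that a GCM record shorter than explicit IV plus tag is rejected with `POLARSSL_ERR_SSL_INVALID_MAC` would confirm the backport before upload.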
@@ -2,3 +2,4 @@
 02-makefile-destdir-fix.patch
 03-library-makefile-adjustments.patch
 04-update-certs-in-testsuite.patch
+CVE-2014-4911.patch

