Hi Emilio, Laurent, Hector, et al. On Fr 24 Mai 2024 08:48:04 CEST, Debian Bug Tracking System wrote:
Source: ofono X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for ofono. CVE-2023-2794[0]: | A flaw was found in ofono, an Open Source Telephony on Linux. A | stack overflow bug is triggered within the decode_deliver() function | during the SMS decoding. It is assumed that the attack scenario is | accessible from a compromised modem, a malicious base station, or | just SMS. There is a bound check for this memcpy length in | decode_submit(), but it was forgotten in decode_deliver(). https://bugzilla.redhat.com/show_bug.cgi?id=2255387 https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=a90421d8e45d63 b304dc010baba24633e7869682 https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=7f2adfa22fbae8 24f8e2c3ae86a3f51da31ee400 https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=07f48b23e3877e f7d15a7b0b8b79d32ad0a3607e https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=8fa1fdfcb54e1e db588c6a5e2688880b065a39c9 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-2794 https://www.cve.org/CVERecord?id=CVE-2023-2794 Please adjust the affected versions in the BTS as needed.
Is any of you guys planning to fix ofono in Debian unstable anytime soon? Ofono is a direct dependency of the Lomiri Operating Environment and currently two RC bugs in ofono are endangering Lomiri to be removed from testing.
If noone plans to fix Ofono in Debian within the next 1-2 weeks, I'd like to do a team upload. In that case, could any of you give me access to
https://salsa.debian.org/telepathy-team (or just the ofono repo in there). Thanks+Greets, Mike -- mike gabriel aka sunweaver (Debian Developer) mobile: +49 (1520) 1976 148 landline: +49 (4351) 486 14 27 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net
pgpyfXTc4lgg6.pgp
Description: Digitale PGP-Signatur
