Your message dated Sat, 9 Mar 2019 11:38:01 +0000
with message-id <20190309113801.ga5...@powdarrmonkey.net>
and subject line Re: Bug#924069: unblock: libsndfile/1.0.28-6
has caused the Debian Bug report #924069,
regarding unblock: libsndfile/1.0.28-6
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
924069: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924069
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package libsndfile
Recently a new security vulnerability (CVE-2019-3832) was discovered in
libsndfile (actually it was discovered that the fix for an older vulnerability
was incomplete). This upload backports the fix.
Because it is a security related issue, I'd very much like to see it in buster.
(include/attach the debdiff against the package in testing)
unblock libsndfile/1.0.28-6
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500,
'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-3-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru libsndfile-1.0.28/debian/changelog libsndfile-1.0.28/debian/changelog
--- libsndfile-1.0.28/debian/changelog 2019-02-12 15:59:58.000000000 +0100
+++ libsndfile-1.0.28/debian/changelog 2019-03-08 20:35:07.000000000 +0100
@@ -1,3 +1,9 @@
+libsndfile (1.0.28-6) unstable; urgency=medium
+
+ * Backported fix for out-of-bound reading (CVE-2019-3832) (Closes: #922372)
+
+ -- IOhannes m zmölnig (Debian/GNU) <umlae...@debian.org> Fri, 08 Mar 2019
20:35:07 +0100
+
libsndfile (1.0.28-5) unstable; urgency=medium
[ Ondřej Nový ]
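Review bot: The 1.0.28-6 changelog entry lists only the CVE-2019-3832 backport, but this debdiff also rewrites the headers and context of two existing patches (CVE-2017-6892.patch and src-wav.c-Fix-heap-read-overflow.patch). Either add a line such as "Refreshed patches" so the extra churn is accounted for, or drop the refresh so the upload contains only what the entry describes.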
diff -Nru libsndfile-1.0.28/debian/patches/CVE-2017-6892.patch
libsndfile-1.0.28/debian/patches/CVE-2017-6892.patch
--- libsndfile-1.0.28/debian/patches/CVE-2017-6892.patch 2019-02-12
15:59:58.000000000 +0100
+++ libsndfile-1.0.28/debian/patches/CVE-2017-6892.patch 2019-03-08
20:35:07.000000000 +0100
@@ -8,11 +8,9 @@
src/aiff.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/src/aiff.c b/src/aiff.c
-index 6352247..d0911a0 100644
---- a/src/aiff.c
-+++ b/src/aiff.c
-@@ -1905,7 +1905,7 @@ aiff_read_chanmap (SF_PRIVATE * psf, unsigned dword)
+--- libsndfile.orig/src/aiff.c
++++ libsndfile/src/aiff.c
+@@ -1905,7 +1905,7 @@
psf_binheader_readf (psf, "j", dword - bytesread) ;
if (map_info->channel_map != NULL)
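Review bot: Nothing functional changes in CVE-2017-6892.patch here; the refresh only strips the "diff --git"/"index" lines and removes the function name aiff_read_chanmap from the @@ header. For a freeze unblock it would be cleaner to leave this patch untouched and refresh only the new one, which keeps the debdiff down to the security fix and preserves the function context for later readers.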
diff -Nru libsndfile-1.0.28/debian/patches/CVE-2019-3832.patch
libsndfile-1.0.28/debian/patches/CVE-2019-3832.patch
--- libsndfile-1.0.28/debian/patches/CVE-2019-3832.patch 1970-01-01
01:00:00.000000000 +0100
+++ libsndfile-1.0.28/debian/patches/CVE-2019-3832.patch 2019-03-08
20:35:07.000000000 +0100
@@ -0,0 +1,21 @@
+From: Emilio Pozuelo Monfort <poch...@gmail.com>
+Date: Tue, 5 Mar 2019 11:27 +0100
+Subject: Fix for CVE-2019-3832
+
+Origin: https://github.com/erikd/libsndfile/pull/460
+Applied-Upstream:
https://github.com/erikd/libsndfile/commit/7408c4c788ce047d4e652b60a04e7796bcd7267e
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- libsndfile.orig/src/wav.c
++++ libsndfile/src/wav.c
+@@ -1094,6 +1094,10 @@
+ psf_binheader_writef (psf, "44", 0, 0) ; /* SMTPE format */
+ psf_binheader_writef (psf, "44", psf->instrument->loop_count,
0) ;
+
++ /* Make sure we don't read past the loops array end. */
++ if (psf->instrument->loop_count > ARRAY_LEN
(psf->instrument->loops))
++ psf->instrument->loop_count = ARRAY_LEN
(psf->instrument->loops) ;
++
+ for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++)
+ { int type ;
+
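Review bot: The clamp on loop_count is added after the psf_binheader_writef (psf, "44", psf->instrument->loop_count, 0) call in the context above it, so the header has already been written with the unclamped value by the time the count is limited to ARRAY_LEN (psf->instrument->loops). The for loop then emits at most the array length of loop entries while the written count field can still claim more. Worth confirming with upstream whether the clamp should sit before that write so that the stored count and the number of entries written agree.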
diff -Nru libsndfile-1.0.28/debian/patches/series
libsndfile-1.0.28/debian/patches/series
--- libsndfile-1.0.28/debian/patches/series 2019-02-12 15:59:58.000000000
+0100
+++ libsndfile-1.0.28/debian/patches/series 2019-03-08 20:35:07.000000000
+0100
@@ -2,6 +2,7 @@
CVE-2017-8363.patch
CVE-2017-8362.patch
CVE-2017-6892.patch
+CVE-2019-3832.patch
binheader-heapoverflow.patch
fix_rf64_arm.patch
fix_typos.patch
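Review bot: CVE-2019-3832.patch is inserted in the middle of the series rather than appended. Judging by the new context lines in the refreshed src-wav.c-Fix-heap-read-overflow.patch, that older patch now applies on top of the new one, which is what forced it to be regenerated. Appending the new patch at the end of the series would have left the existing patches byte-identical and made the resulting order of the two wav.c changes easier to reason about.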
diff -Nru
libsndfile-1.0.28/debian/patches/src-wav.c-Fix-heap-read-overflow.patch
libsndfile-1.0.28/debian/patches/src-wav.c-Fix-heap-read-overflow.patch
--- libsndfile-1.0.28/debian/patches/src-wav.c-Fix-heap-read-overflow.patch
2019-02-12 15:59:58.000000000 +0100
+++ libsndfile-1.0.28/debian/patches/src-wav.c-Fix-heap-read-overflow.patch
2019-03-08 20:35:07.000000000 +0100
@@ -9,10 +9,8 @@
src/wav.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
-diff --git a/src/wav.c b/src/wav.c
-index 4b943dc..59015a1 100644
---- a/src/wav.c
-+++ b/src/wav.c
+--- libsndfile.orig/src/wav.c
++++ libsndfile/src/wav.c
@@ -1,5 +1,5 @@
/*
-** Copyright (C) 1999-2016 Erik de Castro Lopo <er...@mega-nerd.com>
@@ -20,9 +18,9 @@
** Copyright (C) 2004-2005 David Viens <dav...@plogue.com>
**
** This program is free software; you can redistribute it and/or modify
-@@ -1094,6 +1094,8 @@ wav_write_header (SF_PRIVATE *psf, int calc_length)
- psf_binheader_writef (psf, "44", 0, 0) ; /* SMTPE format */
- psf_binheader_writef (psf, "44", psf->instrument->loop_count,
0) ;
+@@ -1098,6 +1098,8 @@
+ if (psf->instrument->loop_count > ARRAY_LEN
(psf->instrument->loops))
+ psf->instrument->loop_count = ARRAY_LEN
(psf->instrument->loops) ;
+ /* Loop count is signed 16 bit number so we limit it range to
something sensible. */
+ psf->instrument->loop_count &= 0x7fff ;
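Review bot: With the refreshed context, "psf->instrument->loop_count &= 0x7fff" now runs after the ARRAY_LEN clamp rather than before it. The comment describes the count as signed; if a negative loop_count can reach this point and the "> ARRAY_LEN (...)" comparison is a signed one, the clamp does not trigger and the mask then turns the value into a positive number of up to 0x7fff, well past the end of the loops array, before the for loop uses it. Please check the types involved and either apply the mask before the clamp or drop the mask once the clamp is in place.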
--- End Message ---
--- Begin Message ---
On Sat, Mar 09, 2019 at 09:23:46AM +0100, IOhannes m zmoelnig wrote:
> Please unblock package libsndfile
>
> Recently a new security vulnerability (CVE-2019-3832) was discovered in
> libsndfile (actually it was discovered that the fix for an older vulnerability
> was incomplete). This upload backports the fix.
> Because it is a security related issue, I'd very much like to see it in
> buster.
Unblocked; thanks.
--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
--- End Message ---