Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package libmysofa A vulnerability was discovered in libmysofa which has been reported as CVE-2019-10672, resp. Debian bug #926125. While upstream has released a new version of libmysofa to fix the issue, I just backported the fixes to the version currently in testing. The debdiff also includes updates to Vcs-* stanzas and maintainer address (migrating away from the alioth addresses), which i consider non-invasive enough to be included. Since the bug is security related and RC, please unblock it in time for buster. unblock libmysofa/0.6~dfsg0-3 -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
diff -Nru libmysofa-0.6~dfsg0/debian/changelog libmysofa-0.6~dfsg0/debian/changelog --- libmysofa-0.6~dfsg0/debian/changelog 2017-11-20 15:43:42.000000000 +0100 +++ libmysofa-0.6~dfsg0/debian/changelog 2019-04-01 23:25:15.000000000 +0200 @@ -1,3 +1,16 @@ +libmysofa (0.6~dfsg0-3) unstable; urgency=medium + + [ IOhannes m zmölnig ] + * Backport fix for CVE-2019-10672 (Closes: #926125) + + [ Ondřej Nový ] + * d/control: Set Vcs-* to salsa.debian.org + + [ Felipe Sateler ] + * Change maintainer address to debian-multime...@lists.debian.org + + -- IOhannes m zmölnig (Debian/GNU) <umlae...@debian.org> Mon, 01 Apr 2019 23:25:15 +0200 + libmysofa (0.6~dfsg0-2) unstable; urgency=medium * Set Multi-Arch:same (Closes: #882230) diff -Nru libmysofa-0.6~dfsg0/debian/control libmysofa-0.6~dfsg0/debian/control --- libmysofa-0.6~dfsg0/debian/control 2017-11-20 15:43:42.000000000 +0100 +++ libmysofa-0.6~dfsg0/debian/control 2019-04-01 23:25:15.000000000 +0200 @@ -1,6 +1,6 @@ Source: libmysofa Priority: optional -Maintainer: Debian Multimedia Maintainers <pkg-multimedia-maintain...@lists.alioth.debian.org> +Maintainer: Debian Multimedia Maintainers <debian-multime...@lists.debian.org> Uploaders: IOhannes m zmölnig (Debian/GNU) <umlae...@debian.org>, Build-Depends: @@ -12,8 +12,8 @@ Standards-Version: 4.1.1 Section: devel Homepage: https://github.com/hoene/libmysofa -Vcs-Git: https://anonscm.debian.org/git/pkg-multimedia/libmysofa.git -Vcs-Browser: https://anonscm.debian.org/git/pkg-multimedia/libmysofa.git +Vcs-Git: https://salsa.debian.org/multimedia-team/libmysofa.git +Vcs-Browser: https://salsa.debian.org/multimedia-team/libmysofa Package: libmysofa-dev Section: libdevel diff -Nru libmysofa-0.6~dfsg0/debian/patches/CVE-2019-10672.patch libmysofa-0.6~dfsg0/debian/patches/CVE-2019-10672.patch --- libmysofa-0.6~dfsg0/debian/patches/CVE-2019-10672.patch 1970-01-01 01:00:00.000000000 +0100 +++ libmysofa-0.6~dfsg0/debian/patches/CVE-2019-10672.patch 2019-04-01 23:25:15.000000000 +0200 @@ -0,0 +1,77 @@ +Description: backported fixes for CVE-2019-10672 +Author: Christian Höne/IOhannes m zmölnig +Origin: upstream +Applied-Upstream: d39a171e9c6a1c44dbdf43f9db6c3fbd887e38c1, 83d21e38f4ed65c2e3d76fc792bdf4abde6ec148, 05ff8a6903c8a357c6d6fd921276732767741670, 2ed84bbcf261629adf16c56a5b4532670084842e +Last-Update: 2019-04-01 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- libmysofa.orig/src/hdf/btree.c ++++ libmysofa/src/hdf/btree.c +@@ -308,8 +308,11 @@ + b = i / elements; + x = i % elements + start[0]; + if (x < sx) { ++ + j = x * size + b; +- ((char*)data->data)[j] = output[i]; ++ if (j >= 0 && j < data->data_len) { ++ ((char*) data->data)[j] = output[i]; ++ } + } + } + break; +@@ -321,7 +324,9 @@ + x = x / dy + start[0]; + if (y < sy && x < sx) { + j = ((x * sy + y) * size) + b; +- ((char*)data->data)[j] = output[i]; ++ if (j >= 0 && j < data->data_len) { ++ ((char*) data->data)[j] = output[i]; ++ } + } + } + break; +@@ -334,7 +339,9 @@ + x = (x / dzy) + start[0]; + if (z < sz && y < sy && x < sx) { + j = (x * szy + y * sz + z) * size + b; +- ((char*)data->data)[j] = output[i]; ++ if (j >= 0 && j < data->data_len) { ++ ((char*) data->data)[j] = output[i]; ++ } + } + } + break; +--- libmysofa.orig/src/hdf/dataobject.c ++++ libmysofa/src/hdf/dataobject.c +@@ -665,13 +665,14 @@ + + if(name_size>0x1000) + return MYSOFA_NO_MEMORY; +- name = malloc(name_size); ++ name = malloc(name_size + 1); + if(!name) + return MYSOFA_NO_MEMORY; + if(fread(name, 1, name_size, reader->fhd)!=name_size) { + free(name); + return errno; + } ++ name[name_size] = 0; + log(" attribute name %s\n", name); + + if (flags & 3) { +--- libmysofa.orig/src/hdf/fractalhead.c ++++ libmysofa/src/hdf/fractalhead.c +@@ -180,6 +180,12 @@ + log("\nfractal head type 1 length %4lX name %s address %lX\n", length, name, heap_header_address); + + dir = malloc(sizeof(struct DIR)); ++ if(!dir) { ++ free(name); ++ return MYSOFA_NO_MEMORY; ++ } ++ memset(dir,0,sizeof(*dir)); ++ + dir->next = dataobject->directory; + dataobject->directory = dir; + diff -Nru libmysofa-0.6~dfsg0/debian/patches/series libmysofa-0.6~dfsg0/debian/patches/series --- libmysofa-0.6~dfsg0/debian/patches/series 2017-11-20 15:43:42.000000000 +0100 +++ libmysofa-0.6~dfsg0/debian/patches/series 2019-04-01 23:25:15.000000000 +0200 @@ -1 +1,2 @@ fix_export_symbols.patch +CVE-2019-10672.patch
