Your message dated Sat, 14 Mar 2026 11:48:35 +0000
with message-id <[email protected]>
and subject line Released with 13.4
has caused the Debian Bug report #1129692,
regarding trixie-pu: package capstone/5.0.7-1~deb13u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1129692: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129692
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:capstone
User: [email protected]
Usertags: pu

This updates capstone to a new upstream version for fixing
no-dsa CVE-2025-67873 and CVE-2025-68114.

Except for a harmless CMake fix, the new upstream version
contains only the CVE fixes.
diffstat for capstone-5.0.6 capstone-5.0.7

 CMakeLists.txt                       |    6 +++---
 ChangeLog                            |    9 +++++++++
 SStream.c                            |    6 ++++++
 SStream.h                            |   12 +++++++++++-
 bindings/python/capstone/__init__.py |    2 +-
 cs.c                                 |   14 +++++++++-----
 debian/changelog                     |   17 +++++++++++++++++
 debian/control                       |    2 +-
 include/capstone/capstone.h          |    2 +-
 pkgconfig.mk                         |    2 +-
 10 files changed, 59 insertions(+), 13 deletions(-)

diff -Nru capstone-5.0.6/bindings/python/capstone/__init__.py capstone-5.0.7/bindings/python/capstone/__init__.py
--- capstone-5.0.6/bindings/python/capstone/__init__.py 2025-03-23 17:48:02.000000000 +0200
+++ capstone-5.0.7/bindings/python/capstone/__init__.py 2026-02-10 00:30:40.000000000 +0200
@@ -180,7 +180,7 @@
 # Package version
 CS_VERSION_MAJOR = CS_API_MAJOR
 CS_VERSION_MINOR = CS_API_MINOR
-CS_VERSION_EXTRA = 6
+CS_VERSION_EXTRA = 7
 
 __version__ = "%u.%u.%u" %(CS_VERSION_MAJOR, CS_VERSION_MINOR, CS_VERSION_EXTRA)
 
diff -Nru capstone-5.0.6/ChangeLog capstone-5.0.7/ChangeLog
--- capstone-5.0.6/ChangeLog    2025-03-23 17:48:02.000000000 +0200
+++ capstone-5.0.7/ChangeLog    2026-02-10 00:30:40.000000000 +0200
@@ -1,6 +1,15 @@
 This file details the changelog of Capstone.
 
 --------------------------------
+Version 5.0.7: February 4th, 2026
+
+## What's Changed
+* Backport for 5.0.7 by @scribam in https://github.com/capstone-engine/capstone/pull/2785
+* CVE v5 backports by @Rot127 in https://github.com/capstone-engine/capstone/pull/2835
+
+**Full Changelog**: https://github.com/capstone-engine/capstone/compare/5.0.6...5.0.7
+
+--------------------------------
 Version 5.0.6: March 23th, 2025
 
 ## What's Changed
diff -Nru capstone-5.0.6/CMakeLists.txt capstone-5.0.7/CMakeLists.txt
--- capstone-5.0.6/CMakeLists.txt       2025-03-23 17:48:02.000000000 +0200
+++ capstone-5.0.7/CMakeLists.txt       2026-02-10 00:30:40.000000000 +0200
@@ -21,9 +21,9 @@
 # Enable support for MSVC_RUNTIME_LIBRARY
 cmake_policy(SET CMP0091 NEW)
 
-# Check if VERSION is provided externally, otherwise default to 5.0.3
-if(NOT DEFINED PROJECT_VERSION)
-    set(PROJECT_VERSION "5.0.6")
+# Check if VERSION is provided externally, otherwise default to 5.0.7
+if(NOT DEFINED PROJECT_VERSION OR PROJECT_VERSION STREQUAL "")
+    set(PROJECT_VERSION "5.0.7")
 endif()
 
 # Use PROJECT_VERSION directly for CPack
diff -Nru capstone-5.0.6/cs.c capstone-5.0.7/cs.c
--- capstone-5.0.6/cs.c 2025-03-23 17:48:02.000000000 +0200
+++ capstone-5.0.7/cs.c 2026-02-10 00:30:40.000000000 +0200
@@ -976,10 +976,13 @@
                                skipdata_bytes = handle->skipdata_size;
 
                        // we have to skip some amount of data, depending on arch & mode
-                       insn_cache->id = 0;     // invalid ID for this "data" instruction
+                       // invalid ID for this "data" instruction
+                       insn_cache->id = 0;
                        insn_cache->address = offset;
-                       insn_cache->size = (uint16_t)skipdata_bytes;
-                       memcpy(insn_cache->bytes, buffer, skipdata_bytes);
+                       insn_cache->size = (uint16_t)MIN(
+                               skipdata_bytes, sizeof(insn_cache->bytes));
+                       memcpy(insn_cache->bytes, buffer,
+                              MIN(skipdata_bytes, sizeof(insn_cache->bytes)));
 #ifdef CAPSTONE_DIET
                        insn_cache->mnemonic[0] = '\0';
                        insn_cache->op_str[0] = '\0';
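Review bot: The clamp `MIN(skipdata_bytes, sizeof(insn_cache->bytes))` is written out twice, once for `insn_cache->size` and once for the `memcpy` length, so a later edit to one of them can leave the recorded size and the copied length disagreeing again. Computing it once, e.g. `size_t n = MIN(skipdata_bytes, sizeof(insn_cache->bytes));` followed by `insn_cache->size = (uint16_t)n;` and `memcpy(insn_cache->bytes, buffer, n);`, ties both to the same bound; the second cs.c hunk (`insn->size` / `insn->bytes`) repeats the pattern. A short comment such as `// skipdata_bytes may exceed sizeof(bytes); clamp what is stored` would record why the bound exists. The code that advances `buffer` and `offset` lies outside this hunk, so it is worth confirming whether it steps by the clamped or the unclamped count, since the two now differ for oversized skips.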
@@ -1181,12 +1184,13 @@
                // we have to skip some amount of data, depending on arch & mode
                insn->id = 0;   // invalid ID for this "data" instruction
                insn->address = *address;
-               insn->size = (uint16_t)skipdata_bytes;
+               insn->size = (uint16_t)MIN(skipdata_bytes, sizeof(insn->bytes));
+               memcpy(insn->bytes, *code,
+                      MIN(skipdata_bytes, sizeof(insn->bytes)));
 #ifdef CAPSTONE_DIET
                insn->mnemonic[0] = '\0';
                insn->op_str[0] = '\0';
 #else
-               memcpy(insn->bytes, *code, skipdata_bytes);
                strncpy(insn->mnemonic, handle->skipdata_setup.mnemonic,
                                sizeof(insn->mnemonic) - 1);
                skipdata_opstr(insn->op_str, *code, skipdata_bytes);
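Review bot: `skipdata_opstr(insn->op_str, *code, skipdata_bytes);` on the last line still receives the unclamped `skipdata_bytes`, while `insn->size` and `insn->bytes` above are now limited to `sizeof(insn->bytes)`. For an oversized skip the operand string is therefore built from more bytes than the instruction record claims to hold, and whether `skipdata_opstr` bounds its own reads and output is not visible here. Passing the clamped count, `skipdata_opstr(insn->op_str, *code, insn->size);`, would keep the text consistent with the stored bytes. The enclosing function starts and ends outside the hunk.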
diff -Nru capstone-5.0.6/debian/changelog capstone-5.0.7/debian/changelog
--- capstone-5.0.6/debian/changelog     2025-03-24 16:33:46.000000000 +0200
+++ capstone-5.0.7/debian/changelog     2026-03-04 18:22:48.000000000 +0200
@@ -1,3 +1,20 @@
+capstone (5.0.7-1~deb13u1) trixie; urgency=medium
+
+  * Non-maintainer upload.
+  * Rebuild for trixie.
+    - CVE-2025-67873: cs_insn.bytes heap buffer overflow
+    - CVE-2025-68114: SStream_concat() stack buffer underflow&overflow
+
+ -- Adrian Bunk <[email protected]>  Wed, 04 Mar 2026 18:22:48 +0200
+
+capstone (5.0.7-1) unstable; urgency=medium
+
+  * Team upload.
+  * New upstream version 5.0.7
+  * Bump Standards-Version
+
+ -- Hilko Bengen <[email protected]>  Sun, 15 Feb 2026 12:10:56 +0100
+
 capstone (5.0.6-1) unstable; urgency=medium
 
   * New upstream version 5.0.6
diff -Nru capstone-5.0.6/debian/control capstone-5.0.7/debian/control
--- capstone-5.0.6/debian/control       2025-02-12 10:11:51.000000000 +0200
+++ capstone-5.0.7/debian/control       2026-02-15 13:10:28.000000000 +0200
@@ -7,7 +7,7 @@
                python3-all-dev,
                python3-setuptools,
                cython3,
-Standards-Version: 4.6.1
+Standards-Version: 4.7.3
 Rules-Requires-Root: no
 Section: devel
 Homepage: https://www.capstone-engine.org/
diff -Nru capstone-5.0.6/include/capstone/capstone.h capstone-5.0.7/include/capstone/capstone.h
--- capstone-5.0.6/include/capstone/capstone.h  2025-03-23 17:48:02.000000000 +0200
+++ capstone-5.0.7/include/capstone/capstone.h  2026-02-10 00:30:40.000000000 +0200
@@ -58,7 +58,7 @@
 // Capstone package version
 #define CS_VERSION_MAJOR CS_API_MAJOR
 #define CS_VERSION_MINOR CS_API_MINOR
-#define CS_VERSION_EXTRA 6
+#define CS_VERSION_EXTRA 7
 
 /// Macro for meta programming.
 /// Meant for projects using Capstone and need to support multiple
diff -Nru capstone-5.0.6/pkgconfig.mk capstone-5.0.7/pkgconfig.mk
--- capstone-5.0.6/pkgconfig.mk 2025-03-23 17:48:02.000000000 +0200
+++ capstone-5.0.7/pkgconfig.mk 2026-02-10 00:30:40.000000000 +0200
@@ -6,7 +6,7 @@
 PKG_MINOR = 0
 
 # version bugfix level. Example: PKG_EXTRA = 1
-PKG_EXTRA = 6
+PKG_EXTRA = 7
 
 # version tag. Examples: rc1, b2, post1 - or just comment out for no tag
 PKG_TAG = 
diff -Nru capstone-5.0.6/SStream.c capstone-5.0.7/SStream.c
--- capstone-5.0.6/SStream.c    2025-03-23 17:48:02.000000000 +0200
+++ capstone-5.0.7/SStream.c    2026-02-10 00:30:40.000000000 +0200
@@ -33,6 +33,7 @@
 #ifndef CAPSTONE_DIET
        unsigned int len = (unsigned int) strlen(s);
 
+       SSTREAM_OVERFLOW_CHECK(ss, len);
        memcpy(ss->buffer + ss->index, s, len);
        ss->index += len;
        ss->buffer[ss->index] = '\0';
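Review bot: `SSTREAM_OVERFLOW_CHECK(ss, len)` tests only the upper bound, and here `len` is `unsigned int` while `ss->index` is declared `int`, so `index + len + 1` is evaluated in unsigned arithmetic. A negative index does not reliably trip the check (an index of -1 with an empty string evaluates to 0), and the `memcpy` and terminator write that follow would then land before `ss->buffer`. The `ret < 0` return added to `SStream_concat` removes one way the index could decrease, but an explicit guard such as `if (ss->index < 0) return;` ahead of the check would make the lower bound hold by construction. The function's signature is outside the hunk.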
@@ -42,6 +43,7 @@
 void SStream_concat1(SStream *ss, const char c)
 {
 #ifndef CAPSTONE_DIET
+       SSTREAM_OVERFLOW_CHECK(ss, 1);
        ss->buffer[ss->index] = c;
        ss->index++;
        ss->buffer[ss->index] = '\0';
@@ -57,6 +59,10 @@
        va_start(ap, fmt);
        ret = cs_vsnprintf(ss->buffer + ss->index, sizeof(ss->buffer) - (ss->index + 1), fmt, ap);
        va_end(ap);
+       if (ret < 0) {
+               return;
+       }
+       SSTREAM_OVERFLOW_CHECK(ss, ret);
        ss->index += ret;
 #endif
 }
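Review bot: The overflow check in this hunk runs after `cs_vsnprintf` has already written into `ss->buffer`, so when it fires the function returns with `ss->index` unchanged but a truncated fragment left in the buffer past the old terminator. The write itself is bounded by the size argument, so this is a consistency problem rather than an overflow: anyone reading `ss->buffer` as a string sees text that `index` does not account for. Restoring the terminator on that path, e.g. `if ((size_t)ret + ss->index + 1 > sizeof(ss->buffer)) { ss->buffer[ss->index] = '\0'; return; }`, would drop the fragment cleanly. This assumes `cs_vsnprintf` returns the would-be length the way `vsnprintf` does, which is not shown here.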
diff -Nru capstone-5.0.6/SStream.h capstone-5.0.7/SStream.h
--- capstone-5.0.6/SStream.h    2025-03-23 17:48:02.000000000 +0200
+++ capstone-5.0.7/SStream.h    2026-02-10 00:30:40.000000000 +0200
@@ -6,8 +6,18 @@
 
 #include "include/capstone/platform.h"
 
+#define SSTREAM_BUF_LEN 512
+
+#define SSTREAM_OVERFLOW_CHECK(OS, len) \
+       do { \
+               if (OS->index + len + 1 > SSTREAM_BUF_LEN) { \
+                       fprintf(stderr, "Buffer overflow caught!\n"); \
+                       return; \
+               } \
+       } while (0)
+
 typedef struct SStream {
-       char buffer[512];
+       char buffer[SSTREAM_BUF_LEN];
        int index;
 } SStream;
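Review bot: `SSTREAM_OVERFLOW_CHECK` expands its arguments unparenthesized (`OS->index + len + 1`) and hides a bare `return;`, so it only works inside functions returning `void` and changes control flow invisibly at the call site. Writing the condition as `((OS)->index + (len) + 1 > SSTREAM_BUF_LEN)` and adding a comment like `/* Returns from the enclosing void function when the write would not fit. */` would make both properties explicit. The macro also calls `fprintf(stderr, ...)` from library code, and no `<stdio.h>` include is visible in this hunk. SStream.c formats through `cs_vsnprintf` rather than the libc call, which suggests some builds avoid the C library, so a build-guarded or silent failure path is worth considering.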
 

--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 13.4

This update has been released as part of Debian 13.4.

--- End Message ---
