Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package konversation To fix https://security-tracker.debian.org/tracker/CVE-2014-8483 I backported a fix from upstream unblock konversation/1.5-2 -- System Information: Debian Release: jessie/sid APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable'), (110, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores)
diff -Nru konversation-1.5/debian/changelog konversation-1.5/debian/changelog --- konversation-1.5/debian/changelog 2014-02-22 17:19:37.000000000 -0800 +++ konversation-1.5/debian/changelog 2014-11-05 14:02:01.000000000 -0800 @@ -1,3 +1,11 @@ +konversation (1.5-2) unstable; urgency=medium + + * Backport fix for CVE-2014-8483 in cve-2014-8483.patch + See https://security-tracker.debian.org/tracker/CVE-2014-8483 + (Closes: #768191) + + -- Diane Trout <di...@ghic.org> Wed, 05 Nov 2014 22:47:53 +0100 + konversation (1.5-1) unstable; urgency=medium * New upstream release diff -Nru konversation-1.5/debian/patches/cve-2014-8483.patch konversation-1.5/debian/patches/cve-2014-8483.patch --- konversation-1.5/debian/patches/cve-2014-8483.patch 1969-12-31 16:00:00.000000000 -0800 +++ konversation-1.5/debian/patches/cve-2014-8483.patch 2014-11-05 12:21:25.000000000 -0800 @@ -0,0 +1,49 @@ +Origin: http://quickgit.kde.org/?p=konversation.git&a=commit&h=1f55cee8b3d0956adc98834f7b5832e48e077ed7 +Bug: https://bugs.kde.org/show_bug.cgi?id=210792 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768191 +Description: Do a bounds check on ECB blocks. + Backport fix for CVE-2014-8483 + https://security-tracker.debian.org/tracker/CVE-2014-8483 + . + Blindly assuming they're the expected 12 chars can lead to a crash + on malformed input. + . + Original patch by Manuel Nickschas for Quassel, who incorporated + the original Konversation code into Quassel in 2009. + +--- a/src/cipher.cpp ++++ b/src/cipher.cpp +@@ -353,8 +353,12 @@ + } + else + { ++ // ECB Blowfish encodes in blocks of 12 chars, so anything else is malformed input ++ if ((temp.length() % 12) != 0) ++ return cipherText; ++ + temp = b64ToByte(temp); +- while((temp.length() % 8) != 0) temp.append('\0'); ++ while ((temp.length() % 8) != 0) temp.append('\0'); + } + + QCA::Direction dir = (direction) ? QCA::Encode : QCA::Decode; +@@ -362,11 +366,17 @@ + QByteArray temp2 = cipher.update(QCA::MemoryRegion(temp)).toByteArray(); + temp2 += cipher.final().toByteArray(); + +- if(!cipher.ok()) ++ if (!cipher.ok()) + return cipherText; + +- if(direction) ++ if (direction) ++ { ++ // Sanity check ++ if ((temp2.length() % 8) != 0) ++ return cipherText; ++ + temp2 = byteToB64(temp2); ++ } + + return temp2; + } diff -Nru konversation-1.5/debian/patches/series konversation-1.5/debian/patches/series --- konversation-1.5/debian/patches/series 2014-02-22 10:28:08.000000000 -0800 +++ konversation-1.5/debian/patches/series 2014-11-05 10:45:52.000000000 -0800 @@ -1,2 +1,3 @@ +cve-2014-8483.patch debian_dbug_autoreplace.diff debian_channel.diff