Bug#793468: Debdiff for CVE-2015-4646, and more
It seems I am unable to send the debdiff file directly through email. I have therefore hosted the diff on PasteBin.

Here is the highlighted code: http://pastebin.com/HcViHJBW
Here is the raw code: http://pastebin.com/raw.php?i=HcViHJBW

Thanks.

-- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#793467: squashfs-tools: CVE-2015-4645
Source: squashfs-tools
Version: 1:4.2+20130409-2
Severity: normal

Hello,

Filing a bug for CVE-2015-4645, overflows the bytes variable, so that the allocation of fragments_bytes[] has an erroneous size.

Described here: https://github.com/devttys0/sasquatch/pull/5
Bug#793468: squashfs-tools: CVE-2015-4646
Source: squashfs-tools
Version: 1:4.2+20130409-2
Severity: normal

Hello,

Filing a bug for CVE-2015-4646, we run into an unrelated problem in which the stack VLA allocation of fragment_table_index[] can easily exceed RLIMIT_STACK.

Described here: https://github.com/devttys0/sasquatch/pull/5
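Added example, not part of the bug reports or of the patch in the linked pull request: the two defect patterns named in #793467 and #793468 (a 32-bit size computation that wraps, and a stack VLA sized by a field read from the image) beside a hardened sizing and allocation routine. The function names, the 16-byte entry size, the 8 KiB metadata block size and the 1 MiB cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed constants, not taken from the page: 16-byte fragment entries
 * indexed through 8 KiB metadata blocks; the cap is a hypothetical policy. */
#define ENTRY_SIZE      16u
#define META_SIZE       8192u
#define MAX_INDEX_BYTES (1u << 20)

/* CVE-2015-4645 pattern: the product wraps modulo 2^32 before it is used. */
static int unchecked_bytes(uint32_t fragments)
{
    return (int)(fragments * ENTRY_SIZE);
}

/* Hardened sizing: 64-bit arithmetic, then reject implausible results. */
static int checked_sizes(uint32_t fragments, uint64_t image_size,
                         size_t *bytes, size_t *indexes)
{
    uint64_t b = (uint64_t)fragments * ENTRY_SIZE;
    uint64_t n = (b + META_SIZE - 1) / META_SIZE;
    if (b > image_size)                     /* table larger than the image */
        return -1;
    if (n * sizeof(uint64_t) > MAX_INDEX_BYTES)
        return -1;
    *bytes = (size_t)b;
    *indexes = (size_t)n;
    return 0;
}

/* CVE-2015-4646 pattern avoided: heap allocation that can fail cleanly. */
static uint64_t *alloc_index(size_t indexes)
{
    return calloc(indexes ? indexes : 1, sizeof(uint64_t));
}

int main(void)
{
    size_t bytes, indexes;
    /* 0x10000001 is a constructed field value, not one from a real image. */
    printf("unchecked: %d bytes\n", unchecked_bytes(0x10000001u));
    if (checked_sizes(0x10000001u, 4096, &bytes, &indexes) != 0)
        puts("rejected: fragment count inconsistent with image size");
    if (checked_sizes(1024, 1u << 20, &bytes, &indexes) == 0) {
        uint64_t *idx = alloc_index(indexes);
        printf("accepted: %zu bytes, %zu index entries\n", bytes, indexes);
        free(idx);
    }
    return 0;
}
```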
Bug#793467: CVE-2015-4645 fixed by CVE-2015-4646
This CVE is fixed with CVE-2015-4646 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793468
Bug#793468: Fix for CVE-2015-4646, and more
Following up is a debdiff that:
* fixes CVE-2015-4645 and CVE-2015-4646
* Upgrades to squashfs-tools 4.3
* Updates the man pages
Bug#793480: squashfs-tools: Update to 4.3 and man pages updated
Source: squashfs-tools
Version: 1:4.2+20130409-2
Severity: normal

* Here is the code to update the source to 4.3+20140919 (from https://github.com/plougher/squashfs-tools)
* Also contains fix for CVE-2015-4645/46 (from https://github.com/devttys0/sasquatch/pull/5)
* Also contains updates to manual page (upstreamed from Red Hat's squashfs-tools package).

Sorry I might have mis-segmented my patches and bug reporting (#793467, #793468), but now you have anything: updated source code, two CVEs fixed as a patch and the man pages updated.

Pretty debdiff: http://pastebin.com/HcViHJBW
Raw debdiff: http://pastebin.com/raw.php?i=HcViHJBW

Take care,