Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu
The attached debdiff for cpdb-libs fixes CVE-2023-34095 in Bookworm. This CVE
has been marked as no-dsa by the security team.
The fix just restricts the usable buffer and should have no side effects.
Thorsten
diff -Nru cpdb-libs-1.2.0/debian/changelog cpdb-libs-1.2.0/debian/changelog
--- cpdb-libs-1.2.0/debian/changelog2023-01-12 22:03:02.0 +0100
+++ cpdb-libs-1.2.0/debian/changelog2023-06-27 22:03:02.0 +0200
@@ -1,3 +1,10 @@
+cpdb-libs (1.2.0-2+deb12u1) bookworm; urgency=medium
+
+ * CVE-2023-34095 (Closes: #1038253)
+buffer overflow via improper use of scanf()/fscanf()
+
+ -- Thorsten Alteholz Tue, 27 Jun 2023 22:03:02 +0200
+
cpdb-libs (1.2.0-2) unstable; urgency=medium
* source upload
diff -Nru cpdb-libs-1.2.0/debian/patches/CVE-2023-34095.patch
cpdb-libs-1.2.0/debian/patches/CVE-2023-34095.patch
--- cpdb-libs-1.2.0/debian/patches/CVE-2023-34095.patch 1970-01-01
01:00:00.0 +0100
+++ cpdb-libs-1.2.0/debian/patches/CVE-2023-34095.patch 2023-06-27
22:03:02.0 +0200
@@ -0,0 +1,161 @@
+Description: backported fix for CVE-2023-34095
+Index: cpdb-libs/demo/print_frontend.c
+===
+--- cpdb-libs.orig/demo/print_frontend.c 2023-06-28 06:57:31.699739106
+0200
cpdb-libs/demo/print_frontend.c2023-06-28 08:01:19.416613086 +0200
+@@ -48,7 +48,7 @@
+ {
+ printf("> ");
+ fflush(stdout);
+-scanf("%s", buf);
++scanf("%99s", buf);
+ if (strcmp(buf, "stop") == 0)
+ {
+ disconnect_from_dbus(f);
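Review bot: The `%99s` width on the new scanf line is only correct if `buf` is at least 100 bytes, and `buf`'s declaration is outside this hunk, so the bound cannot be confirmed from here; a comment tying the two together, `/* width must stay one below sizeof buf: 99 chars + NUL */`, would keep the next buffer resize from reopening the overflow. The return value of scanf is still ignored: on EOF or a read error `buf` keeps its previous contents and the following `strcmp(buf, "stop")` compares stale data, so if this sits in the command loop the loop would spin on a closed stdin; `if (scanf("%99s", buf) != 1) break;` would handle that. The enclosing loop starts and ends outside the hunk.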
+@@ -84,7 +84,7 @@
+ {
+ char printer_id[100];
+ char backend_name[100];
+-scanf("%s%s", printer_id, backend_name);
++scanf("%99s%99s", printer_id, backend_name);
+ g_message("Getting all attributes ..\n");
+ PrinterObj *p = find_PrinterObj(f, printer_id, backend_name);
+
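Review bot: The new scanf still does not check how many fields were converted, so when input ends after `printer_id` the `backend_name` array declared two lines above is passed uninitialized to find_PrinterObj (neither declaration has an initializer). The width fix removes the overflow, but a partial read should also be rejected, e.g. `if (scanf("%99s%99s", printer_id, backend_name) != 2) continue;` if this branch is inside the command loop that the `stop` branch suggests, or at minimum `char printer_id[100] = "", backend_name[100] = "";` so the lookup sees empty strings rather than stack garbage. The enclosing block continues outside the hunk.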
+@@ -106,7 +106,7 @@
+ else if (strcmp(buf, "get-default") == 0)
+ {
+ char printer_id[100], backend_name[100], option_name[100];
+-scanf("%s%s%s", option_name, printer_id, backend_name);
++scanf("%99s%99s%99s", option_name, printer_id, backend_name);
+ PrinterObj *p = find_PrinterObj(f, printer_id, backend_name);
+ char *ans = get_default(p, option_name);
+ if (!ans)
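Review bot: The width 99 on the new line is a second copy of the buffer size on the declaration above it (100), and the patch repeats that pair in every hunk; a single definition would keep them from drifting apart the next time a buffer is resized. A common shape is `#define NAME_MAX 99` together with `#define STR_(x) #x` and `#define STR(x) STR_(x)`, the arrays declared as `char option_name[NAME_MAX + 1]` and the format written `"%" STR(NAME_MAX) "s"`. This is a style point only; the literal 99 is correct for the 100-byte arrays declared here, and a comment such as `/* 99 chars + NUL fits the 100-byte buffers above */` would be the minimal alternative.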
+@@ -117,7 +117,7 @@
+ else if (strcmp(buf, "get-setting") == 0)
+ {
+ char printer_id[100], backend_name[100], setting_name[100];
+-scanf("%s%s%s", setting_name, printer_id, backend_name);
++scanf("%99s%99s%99s", setting_name, printer_id, backend_name);
+ PrinterObj *p = find_PrinterObj(f, printer_id, backend_name);
+ char *ans = get_setting(p, setting_name);
+ if (!ans)
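Review bot: With `%99s` a token longer than 99 characters is no longer an overflow, but it is silently split: the first 99 bytes land in `setting_name` and the remainder is consumed by the following `%99s` as `printer_id`, shifting every later argument by one, so a printer or backend is looked up from the tail of the previous token with no diagnostic. A comment on the new line, `/* tokens over 99 chars are truncated; their tail is read as the next field */`, would at least document that behaviour; reading the whole line with fgets and parsing it with sscanf would let the code detect and reject over-long tokens instead. The enclosing block continues outside the hunk.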
+@@ -128,7 +128,7 @@
+ else if (strcmp(buf, "get-current") == 0)
+ {
+ char printer_id[100], backend_name[100], option_name[100];
+-scanf("%s%s%s", option_name, printer_id, backend_name);
++scanf("%99s%99s%99s", option_name, printer_id, backend_name);
+ PrinterObj *p = find_PrinterObj(f, printer_id, backend_name);
+ char *ans = get_current(p, option_name);
+ if (!ans)
+@@ -139,7 +139,7 @@
+ else if (strcmp(buf, "add-setting") == 0)
+ {
+ char printer_id[100], backend_name[100], option_name[100],
option_val[100];
+-scanf("%s %s %s %s", option_name, option_val, printer_id,
backend_name);
++scanf("%99s %99s %99s %99s", option_name, option_val, printer_id,
backend_name);
+ PrinterObj *p = find_PrinterObj(f, printer_id, backend_name);
+ printf("%s : %s\n", option_name, option_val);
+ add_setting_to_printer(p, get_string_copy(option_name),
get_string_copy(option_val));
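Review bot: The new format `"%99s %99s %99s %99s"` keeps the literal spaces of the original while every other hunk in this patch uses the `%99s%99s` form; `%s` already skips leading whitespace, so the spaces are redundant and the two spellings behave the same, but the inconsistency reads as if this branch parsed its input differently. `scanf("%99s%99s%99s%99s", option_name, option_val, printer_id, backend_name);` would match the rest of the file. As in the other hunks the conversion count is not checked before the values are copied into the printer's settings, so a short line stores an uninitialized `option_val`. The enclosing block continues outside the hunk.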
+@@ -147,7 +147,7 @@
+ else if (strcmp(buf, "clear-setting") == 0)
+ {
+ char printer_id[100], backend_name[100], option_name[100];
+-scanf("%s%s%s", option_name, printer_id, backend_name);
++scanf("%99s%99s%99s", option_name, printer_id, backend_name);
+ PrinterObj *p = find_PrinterObj(f, printer_id, backend_name);
+ clear_setting_from_printer(p, option_name);
+ }
+@@ -155,7 +155,7 @@
+ {
+ char printer_id[100];
+ char backend_name[100];
+-scanf("%s%s", printer_id, backend_name);
++scanf("%99s%99s", printer_id, backend_name);
+ PrinterObj *p = find_PrinterObj(f, printer_id, backend_name);
+ printf("%s\n", get_state(p));
+ }
+@@ -163,7 +163,7 @@
+ {
+ char printer_id[100];
+ char backend_name[100];
+-scanf("%s%s",