Bug#1039862: bookworm-pu: cpdb-libs/1.2.0-2+deb12u1

2023-06-30 Thread Thorsten Alteholz 




On Thu, 29 Jun 2023, Jonathan Wiltshire wrote:


Please go ahead.


Great, thanks ...

... and uploaded.

  Thorsten

Bug#1039862: bookworm-pu: cpdb-libs/1.2.0-2+deb12u1

2023-06-29 Thread Jonathan Wiltshire 
Control: tag -1 confirmed

On Wed, Jun 28, 2023 at 09:54:22PM +, Thorsten Alteholz wrote:
> The attached debdiff for cpdb-libs fixes CVE-2023-34095 Bookworm. This CVE
> has been marked as no-dsa by the security team.
> 
> The fix just restricts the usable buffer and should have no side effects.

Please go ahead.

Thanks,


-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1

Bug#1039862: bookworm-pu: cpdb-libs/1.2.0-2+deb12u1

2023-06-28 Thread Thorsten Alteholz 

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian@packages.debian.org
Usertags: pu


The attached debdiff for cpdb-libs fixes CVE-2023-34095 Bookworm. This CVE 
has been marked as no-dsa by the security team.


The fix just restricts the usable buffer and should have no side effects.

  Thorsten
diff -Nru cpdb-libs-1.2.0/debian/changelog cpdb-libs-1.2.0/debian/changelog
--- cpdb-libs-1.2.0/debian/changelog2023-01-12 22:03:02.0 +0100
+++ cpdb-libs-1.2.0/debian/changelog2023-06-27 22:03:02.0 +0200
@@ -1,3 +1,10 @@
+cpdb-libs (1.2.0-2+deb12u1) bookworm; urgency=medium
+
+  * CVE-2023-34095 (Closes: #1038253)
+buffer overflow via improper use of scanf()/fscanf()
+
+ -- Thorsten Alteholz   Tue, 27 Jun 2023 22:03:02 +0200
+
 cpdb-libs (1.2.0-2) unstable; urgency=medium
 
   * source upload
diff -Nru cpdb-libs-1.2.0/debian/patches/CVE-2023-34095.patch 
cpdb-libs-1.2.0/debian/patches/CVE-2023-34095.patch
--- cpdb-libs-1.2.0/debian/patches/CVE-2023-34095.patch 1970-01-01 
01:00:00.0 +0100
+++ cpdb-libs-1.2.0/debian/patches/CVE-2023-34095.patch 2023-06-27 
22:03:02.0 +0200
@@ -0,0 +1,161 @@
+Description: backported fix for CVE-2023-34095
+Index: cpdb-libs/demo/print_frontend.c
+===
+--- cpdb-libs.orig/demo/print_frontend.c   2023-06-28 06:57:31.699739106 
+0200
 cpdb-libs/demo/print_frontend.c2023-06-28 08:01:19.416613086 +0200
+@@ -48,7 +48,7 @@
+ {
+ printf("> ");
+ fflush(stdout);
+-scanf("%s", buf);
++scanf("%99s", buf);
+ if (strcmp(buf, "stop") == 0)
+ {
+ disconnect_from_dbus(f);
+@@ -84,7 +84,7 @@
+ {
+ char printer_id[100];
+ char backend_name[100];
+-scanf("%s%s", printer_id, backend_name);
++scanf("%99s%99s", printer_id, backend_name);
+ g_message("Getting all attributes ..\n");
+ PrinterObj *p = find_PrinterObj(f, printer_id, backend_name);
+ 
+@@ -106,7 +106,7 @@
+ else if (strcmp(buf, "get-default") == 0)
+ {
+ char printer_id[100], backend_name[100], option_name[100];
+-scanf("%s%s%s", option_name, printer_id, backend_name);
++scanf("%99s%99s%99s", option_name, printer_id, backend_name);
+ PrinterObj *p = find_PrinterObj(f, printer_id, backend_name);
+ char *ans = get_default(p, option_name);
+ if (!ans)
+@@ -117,7 +117,7 @@
+ else if (strcmp(buf, "get-setting") == 0)
+ {
+ char printer_id[100], backend_name[100], setting_name[100];
+-scanf("%s%s%s", setting_name, printer_id, backend_name);
++scanf("%99s%99s%99s", setting_name, printer_id, backend_name);
+ PrinterObj *p = find_PrinterObj(f, printer_id, backend_name);
+ char *ans = get_setting(p, setting_name);
+ if (!ans)
+@@ -128,7 +128,7 @@
+ else if (strcmp(buf, "get-current") == 0)
+ {
+ char printer_id[100], backend_name[100], option_name[100];
+-scanf("%s%s%s", option_name, printer_id, backend_name);
++scanf("%99s%99s%99s", option_name, printer_id, backend_name);
+ PrinterObj *p = find_PrinterObj(f, printer_id, backend_name);
+ char *ans = get_current(p, option_name);
+ if (!ans)
+@@ -139,7 +139,7 @@
+ else if (strcmp(buf, "add-setting") == 0)
+ {
+ char printer_id[100], backend_name[100], option_name[100], 
option_val[100];
+-scanf("%s %s %s %s", option_name, option_val, printer_id, 
backend_name);
++scanf("%99s %99s %99s %99s", option_name, option_val, printer_id, 
backend_name);
+ PrinterObj *p = find_PrinterObj(f, printer_id, backend_name);
+ printf("%s : %s\n", option_name, option_val);
+ add_setting_to_printer(p, get_string_copy(option_name), 
get_string_copy(option_val));
+@@ -147,7 +147,7 @@
+ else if (strcmp(buf, "clear-setting") == 0)
+ {
+ char printer_id[100], backend_name[100], option_name[100];
+-scanf("%s%s%s", option_name, printer_id, backend_name);
++scanf("%99s%99s%99s", option_name, printer_id, backend_name);
+ PrinterObj *p = find_PrinterObj(f, printer_id, backend_name);
+ clear_setting_from_printer(p, option_name);
+ }
+@@ -155,7 +155,7 @@
+ {
+ char printer_id[100];
+ char backend_name[100];
+-scanf("%s%s", printer_id, backend_name);
++scanf("%99s%99s", printer_id, backend_name);
+ PrinterObj *p = find_PrinterObj(f, printer_id, backend_name);
+ printf("%s\n", get_state(p));
+ }
+@@ -163,7 +163,7 @@
+ {
+ char printer_id[100];
+ char backend_name[100];
+-scanf("%s%s",