Bug#698621: pu: package swath/0.4.0-4

2013-01-22 Thread Adam D. Barratt
Control: tags -1 + pending

On Mon, 2013-01-21 at 18:59 +, Adam D. Barratt wrote:
 On Mon, 2013-01-21 at 16:40 +0700, Theppitak Karoonboonyanan wrote:
  swath has got a trivial security fix, addressing Bug #698189, which the
  security team considers trivial enough to upload to stable-proposed-updates.
 
 Such a lovely way of wording it. ;-)
 
 Please go ahead; thanks.

Flagged for acceptance in to p-u.

Regards,

Adam


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#698621: pu: package swath/0.4.0-4

2013-01-21 Thread Theppitak Karoonboonyanan
Package: release.debian.org
Severity: normal
User: release.debian@packages.debian.org
Usertags: pu

swath has got a trivial security fix, addressing Bug #698189, which the
security team considers trivial enough to upload to stable-proposed-updates.
(See the quoted conversation below.)

The prepared upload can be found here:

  http://linux.thai.net/~thep/debs/swath-squeeze/swath_0.4.0-4+squeeze1.dsc

The debdiff is also attached for your review.


On Mon, Jan 21, 2013 at 4:14 PM, Yves-Alexis Perez cor...@debian.org wrote:
 On lun., 2013-01-21 at 15:56 +0700, Theppitak Karoonboonyanan wrote:
 Dear security team,

 I have been sent a report of a potential buffer overflow vulnerability
 in swath, which allows shell injection via a long command-line argument:

   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698189

 The exploit is not known yet, but the report is already public
 (in the bug log).

 Both stable (0.4.0-4) and testing/unstable (0.4.3-2) versions are
 affected.

 For testing/unstable, the fix has been uploaded (0.4.3-3).
 For stable, I have prepared the deb for your review here:

   http://linux.thai.net/~thep/debs/swath-squeeze/swath_0.4.0-4+squeeze1.dsc

 The debdiff is also attached.

 Thanks for the report. It doesn't look bad enough to warrant a DSA imho.
 Can you please ask release team for a stable upload? I'll contact
 oss-sec to have a CVE assigned.

 Regards,
 --
 Yves-Alexis


-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=th_TH.utf8, LC_CTYPE=th_TH.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru swath-0.4.0/debian/changelog swath-0.4.0/debian/changelog
--- swath-0.4.0/debian/changelog2010-01-14 15:24:18.0 +0700
+++ swath-0.4.0/debian/changelog2013-01-21 16:26:19.0 +0700
@@ -1,3 +1,11 @@
+swath (0.4.0-4+squeeze1) stable; urgency=high
+
+  * debian/patches/01_buffer-overflow.patch: backport patch from upstream
+to fix potential buffer overflow in Mule mode.
+Thanks Dominik Maier for the report. (Closes: #698189)
+
+ -- Theppitak Karoonboonyanan t...@debian.org  Mon, 21 Jan 2013 15:03:30 
+0700
+
 swath (0.4.0-4) unstable; urgency=low
 
   * debian/rules: Fix failure to build twice in a row:
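Review bot: the new changelog entry records only the Debian bug (Closes: #698189); since Yves-Alexis says in the quoted mail that he will ask oss-sec for a CVE, the entry should also name the assigned CVE identifier once it exists, so that the stable update can be matched to the advisory and to the 0.4.3-3 fix already in unstable. The urgency=high and the target distribution "stable" are consistent with a stable-proposed-updates upload.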
diff -Nru swath-0.4.0/debian/patches/01_buffer-overflow.patch 
swath-0.4.0/debian/patches/01_buffer-overflow.patch
--- swath-0.4.0/debian/patches/01_buffer-overflow.patch 1970-01-01 
07:00:00.0 +0700
+++ swath-0.4.0/debian/patches/01_buffer-overflow.patch 2013-01-21 
16:26:19.0 +0700
@@ -0,0 +1,22 @@
+Author: Theppitak Karoonboonyanan t...@linux.thai.net
+Description: Fix potential buffer overflow
+Origin: backport, 
http://linux.thai.net/websvn/wsvn/software.swath/trunk?op=revisionrev=238peg=238
+Bug-Debian: http://bugs.debian.org/698189
+
+Index: swath/src/wordseg.cpp
+===
+--- swath.orig/src/wordseg.cpp 2013-01-21 13:19:24.261886743 +0700
 swath/src/wordseg.cpp  2013-01-21 13:20:31.693890376 +0700
+@@ -253,11 +253,7 @@
+ }
+ delete FltX;
+   }else{
+-char stopstr[20];
+-if (muleMode)
+-  strcpy(stopstr,wbr);
+-else
+-  stopstr[0]='\0';
++const char *stopstr = muleMode ? wbr : ;
+ for (;;) { // read until end of file.
+   if (mode == 0) printf(Input : );
+   for (i = 0; ((c = fgetc(tmpin)) != '\n')
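Review bot: as pasted here the nested patch is not intact: the line `+const char *stopstr = muleMode ? wbr : ;` has lost its empty-string literal (the compilable form needs `""`, and `printf(Input : )` likewise needs its quotes), and the new-file header line ` swath/src/wordseg.cpp  2013-01-21 13:20:31...` lacks the leading `+` that every other line of this 22-line hunk carries, so please verify the patch in the .dsc rather than this mail body. On substance, replacing the fixed `char stopstr[20]` buffer and the unbounded `strcpy(stopstr,wbr)` with a `const char *` that aliases `wbr` removes the overflow when the Mule-mode word-break string supplied on the command line is longer than 19 bytes; because `stopstr` is now an alias rather than a copy, the reviewer should confirm in the full file that no later use of `stopstr` writes through it and that `wbr` stays valid for the whole read loop, neither of which is visible in the three lines of trailing context.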
diff -Nru swath-0.4.0/debian/patches/series swath-0.4.0/debian/patches/series
--- swath-0.4.0/debian/patches/series   1970-01-01 07:00:00.0 +0700
+++ swath-0.4.0/debian/patches/series   2013-01-21 16:26:19.0 +0700
@@ -0,0 +1 @@
+01_buffer-overflow.patch


Bug#698621: pu: package swath/0.4.0-4

2013-01-21 Thread Adam D. Barratt
Control: tags -1 + confirmed squeeze

On Mon, 2013-01-21 at 16:40 +0700, Theppitak Karoonboonyanan wrote:
 swath has got a trivial security fix, addressing Bug #698189, which the
 security team considers trivial enough to upload to stable-proposed-updates.

Such a lovely way of wording it. ;-)

Please go ahead; thanks.

Regards,

Adam

