Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian@packages.debian.org
Usertags: pu
Dear Release Team,

I would like to propose the following changes to the dwarfutils
package in stretch:

  * Add patch 02-fix-CVE-2017-9052.patch to fix CVE-2017-9052 and
    CVE-2017-9055 (Closes: #864064).
  * Add patch 03-fix-CVE-2017-9053.patch to fix CVE-2017-9053.
  * Add patch 04-fix-CVE-2017-9054.patch to fix CVE-2017-9054.
  * Add patch 05-fix-CVE-2017-9998.patch to fix CVE-2017-9998
    (Closes: #866968).

This update would fix all currently known vulnerabilities in the
dwarfutils package in stretch. All changes have been cherry-picked
from the upstream development repository, and all of them are already
in unstable.

I have attached the debdiff that I would like to apply to the current
version in stable.

Thank you!

Kind regards,
Fabian

diff -Nru dwarfutils-20161124/debian/changelog
dwarfutils-20161124/debian/changelog
--- dwarfutils-20161124/debian/changelog2016-11-25 14:23:27.0
+0100
+++ dwarfutils-20161124/debian/changelog2017-07-11 15:33:51.0
+0200
@@ -1,3 +1,14 @@
+dwarfutils (20161124-1+deb9u1) stable; urgency=medium
+
+ * Add patch 02-fix-CVE-2017-9052.patch to fix CVE-2017-9052 and
+CVE-2017-9055 (Closes: #864064).
+ * Add patch 03-fix-CVE-2017-9053.patch to fix CVE-2017-9053.
+ * Add patch 04-fix-CVE-2017-9054.patch to fix CVE-2017-9054.
+ * Add patch 05-fix-CVE-2017-9998.patch to fix CVE-2017-9998
+(Closes: #866968).
+
+ -- Fabian Wolff Tue, 11 Jul 2017 15:33:51 +0200
+
dwarfutils (20161124-1) unstable; urgency=medium
* New upstream release.
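Review bot: the first line of the new entry sets the distribution to `stable`; for an update aimed at stretch, consider the codename instead (`dwarfutils (20161124-1+deb9u1) stretch; urgency=medium`), since `stable` refers to a different suite after the next release while the codename stays unambiguous. The trailer line as shown here also has nothing between the maintainer name and the date, so check that the changelog in the actual upload carries the address in angle brackets that the changelog format expects.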
diff -Nru dwarfutils-20161124/debian/patches/02-fix-CVE-2017-9052.patch
dwarfutils-20161124/debian/patches/02-fix-CVE-2017-9052.patch
--- dwarfutils-20161124/debian/patches/02-fix-CVE-2017-9052.patch
1970-01-01 01:00:00.0 +0100
+++ dwarfutils-20161124/debian/patches/02-fix-CVE-2017-9052.patch
2017-07-11 15:33:51.0 +0200
@@ -0,0 +1,31 @@
+Description: Fix CVE-2017-9052 and CVE-2017-9055
+Origin: upstream,
https://sourceforge.net/p/libdwarf/code/ci/cc37d6917011733d776ae228af4e5d6abe9613c1/
+Bug: https://www.prevanders.net/dwarfbug.html#DW201703-006
+Bug-Debian: https://bugs.debian.org/864064
+Last-Update: 2017-07-08
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/libdwarf/dwarf_form.c
b/libdwarf/dwarf_form.c
+@@ -934,6 +934,10 @@
+ switch (attr->ar_attribute_form) {
+
+ case DW_FORM_data1:
++if (attr->ar_debug_ptr >= section_end) {
++_dwarf_error(dbg, error, DW_DLE_DIE_BAD);
++return DW_DLV_ERROR;
++}
+ *return_sval = (*(Dwarf_Sbyte *) attr->ar_debug_ptr);
+ return DW_DLV_OK;
+
+--- a/libdwarf/dwarf_query.c
b/libdwarf/dwarf_query.c
+@@ -377,7 +377,7 @@
+ }
+ if (_dwarf_reference_outside_section(die,
+ (Dwarf_Small*) info_ptr,
+-(Dwarf_Small*) info_ptr)) {
++((Dwarf_Small*) info_ptr)+1)) {
+ _dwarf_error(dbg, error,DW_DLE_ATTR_OUTSIDE_SECTION);
+ return DW_DLV_ERROR;
+ }
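Review bot: the guard added under `case DW_FORM_data1:` in dwarf_form.c compares `attr->ar_debug_ptr` against `section_end`, which the visible context neither declares nor assigns. Because this is cherry-picked from a later upstream tree, confirm that `section_end` is in scope and already set to the end of the right section at this point in 20161124; a build failure would catch a missing declaration but not a stale or wrong bound. On the documentation side, the header names two CVEs but gives a single `Bug:` entry, so a sentence in the Description saying which of the dwarf_form.c and dwarf_query.c changes addresses which CVE would make later audits of this patch easier.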
diff -Nru dwarfutils-20161124/debian/patches/03-fix-CVE-2017-9053.patch
dwarfutils-20161124/debian/patches/03-fix-CVE-2017-9053.patch
--- dwarfutils-20161124/debian/patches/03-fix-CVE-2017-9053.patch
1970-01-01 01:00:00.0 +0100
+++ dwarfutils-20161124/debian/patches/03-fix-CVE-2017-9053.patch
2017-07-11 15:33:51.0 +0200
@@ -0,0 +1,86 @@
+Description: Fix CVE-2017-9053
+Origin: upstream,
https://sourceforge.net/p/libdwarf/code/ci/cc37d6917011733d776ae228af4e5d6abe9613c1/
+Bug: https://www.prevanders.net/dwarfbug.html#DW201703-005
+Bug-Debian: https://bugs.debian.org/864064
+Last-Update: 2017-07-08
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/libdwarf/dwarf_loc.c
b/libdwarf/dwarf_loc.c
+@@ -237,6 +237,10 @@
+ break;
+
+ case DW_OP_const1u:
++if (loc_ptr >= section_end) {
++_dwarf_error(dbg,error,DW_DLE_LOCEXPR_OFF_SECTION_END);
++return DW_DLV_ERROR;
++}
+ operand1 = *(Dwarf_Small *) loc_ptr;
+ loc_ptr = loc_ptr + 1;
+ if (loc_ptr > section_end) {
+@@ -247,6 +251,10 @@
+ break;
+
+ case DW_OP_const1s:
++if (loc_ptr >= section_end) {
++_dwarf_error(dbg,error,DW_DLE_LOCEXPR_OFF_SECTION_END);
++return DW_DLV_ERROR;
++}
+ operand1 = *(Dwarf_Sbyte *) loc_ptr;
+ SIGN_EXTEND(operand1,1);
+ loc_ptr = loc_ptr + 1;
+@@ -372,6 +380,10 @@
+ break;
+
+ case DW_OP_pick:
++if (loc_ptr >= section_end) {
++_dwarf_error(dbg,error,DW_DLE_LOCEXPR_OFF_SECTION_END);
++return DW_DLV_ERROR;
++}
+ operand1 = *(Dwarf_Small *) loc_ptr;
+ loc_ptr = loc_ptr + 1;
+ if (loc_ptr
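Review bot: in the `DW_OP_const1u` case the existing test after `loc_ptr = loc_ptr + 1` (`if (loc_ptr > section_end)`) can no longer be true once the new `loc_ptr >= section_end` guard has passed, because the pointer is then at most equal to `section_end`. That leftover check is harmless and keeping it matches upstream, which is reasonable for a stable update, but it is worth a line in the patch description so nobody later mistakes the post-increment test for the effective bound. The same guard is repeated verbatim for `DW_OP_const1s` and `DW_OP_pick`; when reviewing the backport, check that every other opcode in dwarf_loc.c that reads a one-byte operand directly from `loc_ptr` is covered too, since this hunk only shows three of them.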