Bug#778492: unblock: ndisc6/1.0.1-2
On Sun, Mar 1, 2015 at 12:32 AM, Michael Gilbert wrote: >> It would be nice to compare what happens when one installs gnome/jessie >> vs. gnome/sid. I really wouldn't want this conflict to trigger having >> rdnssd installed and network-manager/gnome not… > > After a successful jessie gnome install over ipv6 > > $ dpkg -l | grep rdnssd > $ dpkg -l | grep network-manager > network-manager > network-manager-gnome > > After a successful sid gnome install over ipv6 > > $ dpkg -l | grep rdnssd > $ dpkg -l | grep network-manager > network-manager > network-manager-gnome I had retyped that in from another computer, and I just now noticed the commands are incorrect for the shown output. For completeness, the actual commands were $ dpkg -l | grep | cut -d' ' -f3 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CANTw=MMF0�wr6zkwlhfz8nc+roqzrxl39ofwhripcyf...@mail.gmail.com
Bug#779534: unblock: scummvm/1.7.0+dfsg-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package scummvm Dear release team, it was discovered that ScummVM crashed on ARM platforms due to buggy asm optimizations which made the engine unusable. The issue was resolved by disabling those optimizations during build time. This is Debian bug https://bugs.debian.org/779029 Debdiff is attached. Regards, Markus unblock scummvm/1.7.0+dfsg-2 -- System Information: Debian Release: 8.0 APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) diff -Nru scummvm-1.7.0+dfsg/debian/changelog scummvm-1.7.0+dfsg/debian/changelog --- scummvm-1.7.0+dfsg/debian/changelog 2014-08-09 17:10:20.0 +0200 +++ scummvm-1.7.0+dfsg/debian/changelog 2015-02-28 18:52:30.0 +0100 @@ -1,3 +1,15 @@ +scummvm (1.7.0+dfsg-2) unstable; urgency=medium + + * Team upload. + * Add disable-arm-asm.patch. +Fix a crash and segmentation fault on ARM systems by disabling asm +optimizations. +Thanks to Konstantinos Margaritis for the report +and patch and Vagrant Cascadian for further testing. +(Closes: #779029) + + -- Markus Koschany Sat, 28 Feb 2015 18:50:52 +0100 + scummvm (1.7.0+dfsg-1) unstable; urgency=low * New upstream release [July 2014]. diff -Nru scummvm-1.7.0+dfsg/debian/patches/disable-arm-asm.patch scummvm-1.7.0+dfsg/debian/patches/disable-arm-asm.patch --- scummvm-1.7.0+dfsg/debian/patches/disable-arm-asm.patch 1970-01-01 01:00:00.0 +0100 +++ scummvm-1.7.0+dfsg/debian/patches/disable-arm-asm.patch 2015-02-28 18:52:30.0 +0100 @@ -0,0 +1,32 @@ +From: Konstantinos Margaritis +Date: Sat, 28 Feb 2015 18:46:02 +0100 +Subject: disable arm asm + +Disable asm optimizatons for ARM sytems to prevent a crash and +segmentation fault when running ScummVM on these platforms. + +Forwarded: http://sourceforge.net/p/scummvm/bugs/6810/ +Bug-Debian: https://bugs.debian.org/779029 +--- + configure | 8 + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/configure b/configure +index 0635907..d3391e7 100755 +--- a/configure b/configure +@@ -2027,10 +2027,10 @@ echo_n "Checking host CPU architecture... " + case $_host_cpu in + arm*) + echo "ARM" +- define_in_config_if_yes yes 'USE_ARM_SCALER_ASM' +- define_in_config_if_yes yes 'USE_ARM_SOUND_ASM' +- define_in_config_if_yes yes 'USE_ARM_SMUSH_ASM' +- define_in_config_if_yes yes 'USE_ARM_GFX_ASM' ++ # define_in_config_if_yes yes 'USE_ARM_SCALER_ASM' ++ # define_in_config_if_yes yes 'USE_ARM_SOUND_ASM' ++ # define_in_config_if_yes yes 'USE_ARM_SMUSH_ASM' ++ # define_in_config_if_yes yes 'USE_ARM_GFX_ASM' + # FIXME: The following feature exhibits a bug during the intro scene of Indy 4 + # (on Pandora and iPhone at least) + #define_in_config_if_yes yes 'USE_ARM_COSTUME_ASM' diff -Nru scummvm-1.7.0+dfsg/debian/patches/series scummvm-1.7.0+dfsg/debian/patches/series --- scummvm-1.7.0+dfsg/debian/patches/series 2014-08-09 16:16:00.0 +0200 +++ scummvm-1.7.0+dfsg/debian/patches/series 2015-02-28 18:52:30.0 +0100 @@ -1 +1,2 @@ drop1test.patch +disable-arm-asm.patch
Bug#779533: unblock: t1utils/1.38-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock t1utils/1.38-4. This version of t1utils fixes a buffer overflow that can be reliably triggered by a crashed pfb font file, as demonstrated by Jakub Wilk (in #779274). It is my understanding that Jakub concluded that this can be exploited to execute code on CPUs/architectures without the "NX" (No-eXec) flag. I have decided to patch this with a smaller patch compared to upstream. The upstream version of the fix involves dynamic memory allocation. The 1.38-4 version instead features a simple bounds check and an (vastly) increased buffer size to (hopefully) avoid flagging valid files. I have uploaded it as urgency medium. It should possibly have been urgency=high. Thanks, ~Niels diff -Nru t1utils-1.38/debian/changelog t1utils-1.38/debian/changelog --- t1utils-1.38/debian/changelog 2015-02-22 13:44:09.0 +0100 +++ t1utils-1.38/debian/changelog 2015-03-01 22:33:59.0 +0100 @@ -1,3 +1,13 @@ +t1utils (1.38-4) unstable; urgency=medium + + * Add bounds check for cs_start buffer. (Closes: #779274) + * Increase the size of cs_start to 1024 from 10 to support +longer values. This is closer to the spirit upstream's +fix that supports arbitrary long values provided the +machine have enough memory. + + -- Niels Thykier Sun, 01 Mar 2015 22:30:57 +0100 + t1utils (1.38-3) unstable; urgency=medium * Replace the Debian patch for #772774 with upstreams diff -Nru t1utils-1.38/debian/patches/fix-cs-start-buffer-overflow.patch t1utils-1.38/debian/patches/fix-cs-start-buffer-overflow.patch --- t1utils-1.38/debian/patches/fix-cs-start-buffer-overflow.patch 1970-01-01 01:00:00.0 +0100 +++ t1utils-1.38/debian/patches/fix-cs-start-buffer-overflow.patch 2015-03-01 22:46:07.0 +0100 @@ -0,0 +1,45 @@ +Description: Fix buffer overflow in set_cs_start + +Upstream decided to fix this differently by using malloc to +dynamically resize the buffer as needed. Given the size of the +commit, I decided to "keep it simple" and just bail on this issue. + +At the same time, I also increased the buffer size "just incase". +Given 10 has been working without crashes so far, it seems reasonable +to assume that 1024 will be "more than enough" for Jessie. For +Stretch, we will be using the upstream version of the patch and +support arbitrary lengths for cs_start. + +Author: Niels Thykier +Bug-Upstream: https://github.com/kohler/t1utils/issues/4 +Forwarded: not-needed + +diff --git a/t1disasm.c b/t1disasm.c +index 5def559..c899985 100644 +--- a/t1disasm.c b/t1disasm.c +@@ -79,7 +79,7 @@ typedef unsigned char byte; + + static FILE *ofp; + static int lenIV = 4; +-static char cs_start[10]; ++static char cs_start[1024]; + static int unknown = 0; + + /* decryption stuff */ +@@ -118,10 +118,14 @@ set_cs_start(char *line) + *p = '\0'; /* damage line[] */ + q = strrchr(line, '/'); + if (q) { ++ char *limit = cs_start + sizeof(cs_start); + r = cs_start; + ++q; +- while (!isspace(*q) && *q != '{') ++ while (!isspace(*q) && *q != '{' && r < limit) + *r++ = *q++; ++ if (r == limit) { ++fatal_error("disassembly error: Unsupported file, cs_start value too long"); ++ } + *r = '\0'; + } + *p = 's'; /* repair line[] */ diff -Nru t1utils-1.38/debian/patches/series t1utils-1.38/debian/patches/series --- t1utils-1.38/debian/patches/series 2015-02-22 13:44:09.0 +0100 +++ t1utils-1.38/debian/patches/series 2015-03-01 22:30:20.0 +0100 @@ -1 +1,2 @@ commit-1b33735.patch +fix-cs-start-buffer-overflow.patch
Bug#779523: unblock (pre-approval): sudo/1.8.10p3-1+deb8u2
Control: tags -1 confirmed moreinfo On 2015-03-01 22:01, Christian Kastner wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Hi, > > With the maintainer's permission, I'd like to ask your approval for an > upload to t-p-u for the attached debdiff. Two CVE patches and one tiny > patch were added, and two issues were fixed with the maintainer scripts. > > All of these changes have been in unstable for at least a week now, and > no new issues have been reported. > > Regards, > Christian > Excellent, please go ahead and upload this to t-p-u. Once it has been uploaded, please notify us and remove the moreinfo tag. ~Niels -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54f38492.3050...@thykier.net
Processed: Re: Bug#779523: unblock (pre-approval): sudo/1.8.10p3-1+deb8u2
Processing control commands: > tags -1 confirmed moreinfo Bug #779523 [release.debian.org] unblock (pre-approval): sudo/1.8.10p3-1+deb8u2 Added tag(s) confirmed and moreinfo. -- 779523: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779523 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/handler.s.b779523.142524533914104.transcr...@bugs.debian.org
Bug#779523: unblock (pre-approval): sudo/1.8.10p3-1+deb8u2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Hi, With the maintainer's permission, I'd like to ask your approval for an upload to t-p-u for the attached debdiff. Two CVE patches and one tiny patch were added, and two issues were fixed with the maintainer scripts. All of these changes have been in unstable for at least a week now, and no new issues have been reported. Regards, Christian sudo_1.8.10p3-1+deb8u2.dsc Description: Binary data
Bug#779517: marked as done (unblock: putty/0.63-10)
Your message dated Sun, 01 Mar 2015 21:09:08 +0100 with message-id <54f371e4.9000...@thykier.net> and subject line Re: Bug#779517: unblock: putty/0.63-10 has caused the Debian Bug report #779517, regarding unblock: putty/0.63-10 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 779517: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779517 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock putty 0.63-10. This is mainly a CVE-assigned security fix (which I cherry-picked rather than trying to get the new 0.64 release into jessie), but there are a couple of sub-CVE-level issues, and two other small changes I think are worth including. diff -Nru putty-0.63/debian/.git-dpm putty-0.63/debian/.git-dpm --- putty-0.63/debian/.git-dpm 2014-10-12 20:43:25.0 +0100 +++ putty-0.63/debian/.git-dpm 2015-03-01 12:58:10.0 + @@ -1,6 +1,6 @@ # see git-dpm(1) from git-dpm package -fa575a5eb77674f9b35cbad2d23c1090592197ca -fa575a5eb77674f9b35cbad2d23c1090592197ca +ec231f1fb9e91c21cc24fd0ce731d9bee7218613 +ec231f1fb9e91c21cc24fd0ce731d9bee7218613 6e1e908982e54596aa30d7d4a1f6f00b8fc7fba8 6e1e908982e54596aa30d7d4a1f6f00b8fc7fba8 putty_0.63.orig.tar.gz diff -Nru putty-0.63/debian/changelog putty-0.63/debian/changelog --- putty-0.63/debian/changelog 2014-10-12 20:47:43.0 +0100 +++ putty-0.63/debian/changelog 2015-03-01 12:59:16.0 + @@ -1,3 +1,23 @@ +putty (0.63-10) unstable; urgency=medium + + * Backport from upstream: +- Make kh2reg.py compatible with modern Python. +- MATTA-2015-002: Enforce acceptable range for Diffie-Hellman server + value. +- Fix an erroneous length field in SSH-1 key load. +- CVE-2015-2157: Fix failure to clear sensitive private key information + from memory (closes: #779488). + + -- Colin Watson Sun, 01 Mar 2015 12:59:15 + + +putty (0.63-9) unstable; urgency=medium + + * Backport from upstream (Simon Tatham): +- Revert the default for font bolding style back to using colours rather + than fonts (closes: #772948). + + -- Colin Watson Sat, 13 Dec 2014 10:11:04 + + putty (0.63-8) unstable; urgency=medium * Backport from upstream (Simon Tatham), suggested by Jacob Nevins: diff -Nru putty-0.63/debian/patches/enforce-dh-range.patch putty-0.63/debian/patches/enforce-dh-range.patch --- putty-0.63/debian/patches/enforce-dh-range.patch1970-01-01 01:00:00.0 +0100 +++ putty-0.63/debian/patches/enforce-dh-range.patch2015-03-01 12:58:09.0 + @@ -0,0 +1,89 @@ +From 1358a16471783c9c816fe9004de45ae7202bc976 Mon Sep 17 00:00:00 2001 +From: Simon Tatham +Date: Sun, 1 Mar 2015 12:50:27 + +Subject: Enforce acceptable range for Diffie-Hellman server value. + +Florent Daigniere of Matta points out that RFC 4253 actually +_requires_ us to refuse to accept out-of-range values, though it isn't +completely clear to me why this should be a MUST on the receiving end. + +Matta considers this to be a security vulnerability, on the grounds +that if a server should accidentally send an obviously useless value +such as 1 then we will fail to reject it and agree a key that an +eavesdropper could also figure out. Their id for this vulnerability is +MATTA-2015-002. + +Origin: upstream, http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=174476813f0ed94337aecc3e2d13a202a1dc2fa8 +Last-Update: 2015-03-01 + +Patch-Name: enforce-dh-range.patch +--- + ssh.c | 7 +++ + ssh.h | 1 + + sshdh.c | 23 +++ + 3 files changed, 31 insertions(+) + +diff --git a/ssh.c b/ssh.c +index 9eed54d..b543df1 100644 +--- a/ssh.c b/ssh.c +@@ -6082,6 +6082,13 @@ static void do_ssh2_transport(Ssh ssh, void *vin, int inlen, + } + ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen); + ++{ ++const char *err = dh_validate_f(ssh->kex_ctx, s->f); ++if (err) { ++bombout(("key exchange reply failed validation: %s", err)); ++crStopV; ++} ++} + s->K = dh_find_K(ssh->kex_ctx, s->f); + + /* We assume everything from now on will be quick, and it might +diff --git a/ssh.h b/ssh.h +index 031fd97..ac5a10f 100644 +--- a/ssh.h b/ssh.h +@@ -471,6 +471,7 @@ void *dh_setup_group(const struct ssh_kex *kex); + void *dh_setup_gex(Bignum pval, Bignum gval); + void dh_cleanup(void *); + Bignum dh_create_e(void *, int nbits); ++const char *dh_validate_f(void *ha
Bug#779517: unblock: putty/0.63-10
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock putty 0.63-10. This is mainly a CVE-assigned security fix (which I cherry-picked rather than trying to get the new 0.64 release into jessie), but there are a couple of sub-CVE-level issues, and two other small changes I think are worth including. diff -Nru putty-0.63/debian/.git-dpm putty-0.63/debian/.git-dpm --- putty-0.63/debian/.git-dpm 2014-10-12 20:43:25.0 +0100 +++ putty-0.63/debian/.git-dpm 2015-03-01 12:58:10.0 + @@ -1,6 +1,6 @@ # see git-dpm(1) from git-dpm package -fa575a5eb77674f9b35cbad2d23c1090592197ca -fa575a5eb77674f9b35cbad2d23c1090592197ca +ec231f1fb9e91c21cc24fd0ce731d9bee7218613 +ec231f1fb9e91c21cc24fd0ce731d9bee7218613 6e1e908982e54596aa30d7d4a1f6f00b8fc7fba8 6e1e908982e54596aa30d7d4a1f6f00b8fc7fba8 putty_0.63.orig.tar.gz diff -Nru putty-0.63/debian/changelog putty-0.63/debian/changelog --- putty-0.63/debian/changelog 2014-10-12 20:47:43.0 +0100 +++ putty-0.63/debian/changelog 2015-03-01 12:59:16.0 + @@ -1,3 +1,23 @@ +putty (0.63-10) unstable; urgency=medium + + * Backport from upstream: +- Make kh2reg.py compatible with modern Python. +- MATTA-2015-002: Enforce acceptable range for Diffie-Hellman server + value. +- Fix an erroneous length field in SSH-1 key load. +- CVE-2015-2157: Fix failure to clear sensitive private key information + from memory (closes: #779488). + + -- Colin Watson Sun, 01 Mar 2015 12:59:15 + + +putty (0.63-9) unstable; urgency=medium + + * Backport from upstream (Simon Tatham): +- Revert the default for font bolding style back to using colours rather + than fonts (closes: #772948). + + -- Colin Watson Sat, 13 Dec 2014 10:11:04 + + putty (0.63-8) unstable; urgency=medium * Backport from upstream (Simon Tatham), suggested by Jacob Nevins: diff -Nru putty-0.63/debian/patches/enforce-dh-range.patch putty-0.63/debian/patches/enforce-dh-range.patch --- putty-0.63/debian/patches/enforce-dh-range.patch1970-01-01 01:00:00.0 +0100 +++ putty-0.63/debian/patches/enforce-dh-range.patch2015-03-01 12:58:09.0 + @@ -0,0 +1,89 @@ +From 1358a16471783c9c816fe9004de45ae7202bc976 Mon Sep 17 00:00:00 2001 +From: Simon Tatham +Date: Sun, 1 Mar 2015 12:50:27 + +Subject: Enforce acceptable range for Diffie-Hellman server value. + +Florent Daigniere of Matta points out that RFC 4253 actually +_requires_ us to refuse to accept out-of-range values, though it isn't +completely clear to me why this should be a MUST on the receiving end. + +Matta considers this to be a security vulnerability, on the grounds +that if a server should accidentally send an obviously useless value +such as 1 then we will fail to reject it and agree a key that an +eavesdropper could also figure out. Their id for this vulnerability is +MATTA-2015-002. + +Origin: upstream, http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=174476813f0ed94337aecc3e2d13a202a1dc2fa8 +Last-Update: 2015-03-01 + +Patch-Name: enforce-dh-range.patch +--- + ssh.c | 7 +++ + ssh.h | 1 + + sshdh.c | 23 +++ + 3 files changed, 31 insertions(+) + +diff --git a/ssh.c b/ssh.c +index 9eed54d..b543df1 100644 +--- a/ssh.c b/ssh.c +@@ -6082,6 +6082,13 @@ static void do_ssh2_transport(Ssh ssh, void *vin, int inlen, + } + ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen); + ++{ ++const char *err = dh_validate_f(ssh->kex_ctx, s->f); ++if (err) { ++bombout(("key exchange reply failed validation: %s", err)); ++crStopV; ++} ++} + s->K = dh_find_K(ssh->kex_ctx, s->f); + + /* We assume everything from now on will be quick, and it might +diff --git a/ssh.h b/ssh.h +index 031fd97..ac5a10f 100644 +--- a/ssh.h b/ssh.h +@@ -471,6 +471,7 @@ void *dh_setup_group(const struct ssh_kex *kex); + void *dh_setup_gex(Bignum pval, Bignum gval); + void dh_cleanup(void *); + Bignum dh_create_e(void *, int nbits); ++const char *dh_validate_f(void *handle, Bignum f); + Bignum dh_find_K(void *, Bignum f); + + int loadrsakey(const Filename *filename, struct RSAKey *key, +diff --git a/sshdh.c b/sshdh.c +index c733b61..8f8ab2d 100644 +--- a/sshdh.c b/sshdh.c +@@ -219,6 +219,29 @@ Bignum dh_create_e(void *handle, int nbits) + } + + /* ++ * DH stage 2-epsilon: given a number f, validate it to ensure it's in ++ * range. (RFC 4253 section 8: "Values of 'e' or 'f' that are not in ++ * the range [1, p-1] MUST NOT be sent or accepted by either side." ++ * Also, we rule out 1 and p-1 too, since that's easy to do and since ++ * they lead to obviously weak keys that even a passive eavesdropper ++ * can figure out.) ++ */ ++const char *dh_validate_f(void *handle, Bignum f) ++{ ++struct dh_ctx *ctx = (struct dh_ctx *)handle; ++if (bignum_cmp(f, One) <= 0
Bug#779423: unblock: llvm-toolchain-3.5/1:3.5-10
On Sat, Feb 28, 2015 at 12:54:17 +0100, Mehdi Dogguy wrote: > Control: tags -1 + moreinfo > > On Sat, Feb 28, 2015 at 12:03:03PM +0100, Sylvestre Ledru > wrote: > > > > Please unblock package llvm-toolchain-3.5 > > > > The lldb arch detection is broken. This breaks the usage of lldb. > > Cf bug #779332 > > > > unblock llvm-toolchain-3.5/1:3.5-10 > > > > Unfortunately, unblocking llvm-toolchain-3.5 requires fixing #777580. > Feel free to remove the moreinfo tag when the RC bug is fixed. > That whole thing looks kind of messed up. Either there should be only one non-versioned python-clang package, or the module name should be versioned... Also, even with the current layout, wrong use of Breaks where Conflicts are wanted. Cheers, Julien signature.asc Description: Digital signature
Bug#779512: marked as done (unblock: xen/4.4.1-7)
Your message dated Sun, 1 Mar 2015 19:32:18 +0100 with message-id <20150301183218.gk1...@betterave.cristau.org> and subject line Re: Bug#779512: unblock: xen/4.4.1-7 has caused the Debian Bug report #779512, regarding unblock: xen/4.4.1-7 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 779512: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779512 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock xen/4.4.1-7. It fixes two low priority security bugs and fixes a nasty problem with the domain metadata setup for the host system. xen (4.4.1-7) unstable; urgency=medium . [ Bastian Blank ] * Fix use after free on guest shutdown. CVE-2015-0361 * Fix rate limits of guest triggered locking. CVE-2015-1563 . [ Ian Campbell ] * Use xen-init-dom0 from initscript when it is available. unblock xen/4.4.1-7 -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.18.0-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) --- End Message --- --- Begin Message --- On Sun, Mar 1, 2015 at 19:00:56 +0100, Bastian Blank wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: unblock > > Please unblock xen/4.4.1-7. It fixes two low priority security bugs and > fixes a nasty problem with the domain metadata setup for the host > system. > > xen (4.4.1-7) unstable; urgency=medium A more verbose description for the debian/ changes would have been welcome. Anyway, unblocked, thanks. Cheers, Julien signature.asc Description: Digital signature --- End Message ---
Bug#779512: unblock: xen/4.4.1-7
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock xen/4.4.1-7. It fixes two low priority security bugs and fixes a nasty problem with the domain metadata setup for the host system. xen (4.4.1-7) unstable; urgency=medium . [ Bastian Blank ] * Fix use after free on guest shutdown. CVE-2015-0361 * Fix rate limits of guest triggered locking. CVE-2015-1563 . [ Ian Campbell ] * Use xen-init-dom0 from initscript when it is available. unblock xen/4.4.1-7 -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.18.0-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150301180056.32443.66044.report...@rockhammer.waldi.eu.org
Bug#779508: unblock: php-monolog/1.11.0-2
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package php-monolog It fixes a potential security issue (mail header injection) by cherry-picking an upstream commit that was already included in version 1.12.0-1 (as available in experimental). The patch also includes an update to the test suite (showing how the issue may have been exploited). php-monolog (1.11.0-2) unstable; urgency=medium * Add gbp.conf to track the Jessie branch * Fix a potential security issue (header injection) Prevent header injection through content type / encoding in NativeMailerHandler. -- David Prévot Sun, 01 Mar 2015 01:56:16 -0400 Please find attached the full debdiff, as well as the new patch itself to ease the review. unblock php-monolog/1.11.0-2 Thanks in advance for considering. Regards David diff --git a/debian/changelog b/debian/changelog index 8a207aa..a8bf6bb 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +php-monolog (1.11.0-2) unstable; urgency=medium + + * Add gbp.conf to track the Jessie branch + * Fix a potential security issue (header injection) +Prevent header injection through content type / encoding in +NativeMailerHandler. + + -- David Prévot Sun, 01 Mar 2015 01:56:16 -0400 + php-monolog (1.11.0-1) unstable; urgency=medium [ gkedzierski ] diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 000..fae4302 --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,2 @@ +[DEFAULT] +debian-branch = jessie diff --git a/debian/patches/0004-Prevent-header-injection-through-content-type-encodi.patch b/debian/patches/0004-Prevent-header-injection-through-content-type-encodi.patch new file mode 100644 index 000..1c27746 --- /dev/null +++ b/debian/patches/0004-Prevent-header-injection-through-content-type-encodi.patch @@ -0,0 +1,65 @@ +From: Jordi Boggiano +Date: Sun, 28 Dec 2014 14:32:10 + +Subject: Prevent header injection through content type / encoding in + NativeMailerHandler, fixes #458, closes #448 + +Bug: https://github.com/Seldaek/monolog/pull/448 https://github.com/Seldaek/monolog/issues/458 +Origin: upstream, https://github.com/Seldaek/monolog/commit/515a096c864b00b3967f7f601680f85d4a2e4001 +--- + src/Monolog/Handler/NativeMailerHandler.php | 8 + tests/Monolog/Handler/NativeMailerHandlerTest.php | 18 ++ + 2 files changed, 26 insertions(+) + +diff --git a/src/Monolog/Handler/NativeMailerHandler.php b/src/Monolog/Handler/NativeMailerHandler.php +index 7605a14..0fe6b64 100644 +--- a/src/Monolog/Handler/NativeMailerHandler.php b/src/Monolog/Handler/NativeMailerHandler.php +@@ -129,6 +129,10 @@ class NativeMailerHandler extends MailHandler + */ + public function setContentType($contentType) + { ++if (strpos($contentType, "\n") !== false || strpos($contentType, "\r") !== false) { ++throw new \InvalidArgumentException('The content type can not contain newline characters to prevent email header injection'); ++} ++ + $this->contentType = $contentType; + + return $this; +@@ -140,6 +144,10 @@ class NativeMailerHandler extends MailHandler + */ + public function setEncoding($encoding) + { ++if (strpos($encoding, "\n") !== false || strpos($encoding, "\r") !== false) { ++throw new \InvalidArgumentException('The content type can not contain newline characters to prevent email header injection'); ++} ++ + $this->encoding = $encoding; + + return $this; +diff --git a/tests/Monolog/Handler/NativeMailerHandlerTest.php b/tests/Monolog/Handler/NativeMailerHandlerTest.php +index 50ceace..c2553ee 100644 +--- a/tests/Monolog/Handler/NativeMailerHandlerTest.php b/tests/Monolog/Handler/NativeMailerHandlerTest.php +@@ -40,4 +40,22 @@ class NativeMailerHandlerTest extends TestCase + $mailer = new NativeMailerHandler('spam...@example.org', 'dear victim', 'recei...@example.org'); + $mailer->addHeader(array("Content-Type: text/html\r\nFrom: fa...@attacker.org")); + } ++ ++/** ++ * @expectedException InvalidArgumentException ++ */ ++public function testSetterContentTypeInjection() ++{ ++$mailer = new NativeMailerHandler('spam...@example.org', 'dear victim', 'recei...@example.org'); ++$mailer->setContentType("text/html\r\nFrom: fa...@attacker.org"); ++} ++ ++/** ++ * @expectedException InvalidArgumentException ++ */ ++public function testSetterEncodingInjection() ++{ ++$mailer = new NativeMailerHandler('spam...@example.org', 'dear victim', 'recei...@example.org'); ++$mailer->setEncoding("utf-8\r\nFrom: fa...@attacker.org"); ++} + } diff --git a/debian/patches/series b/debian/patches/series index 5286df5..9766944 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,3 +1,4 @@ 0001-Use-ClassLoader-from-Symfony-instead-o