Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package flightgear

This upload fixes a security RC bug (#862689). The bug is tracked as CVE-2017-8921.

unblock flightgear/1:2016.4.4+dfsg-3

Regards,
Tobias
diff -Nru flightgear-2016.4.4+dfsg/debian/changelog flightgear-2016.4.4+dfsg/debian/changelog --- flightgear-2016.4.4+dfsg/debian/changelog 2017-01-24 21:38:55.000000000 +0100 +++ flightgear-2016.4.4+dfsg/debian/changelog 2017-05-19 21:10:15.000000000 +0200 @@ -1,3 +1,12 @@ +flightgear (1:2016.4.4+dfsg-3) unstable; urgency=medium + + * Team upload. + * Fix RouteMgr security: don't allow overwriting arbitrary files. + This fixes CVE-2017-8921. + Thanks to Salvatore Bonaccorso <car...@debian.org> (Closes: #862689) + + -- Dr. Tobias Quathamer <to...@debian.org> Fri, 19 May 2017 21:10:15 +0200 + flightgear (1:2016.4.4+dfsg-2) unstable; urgency=medium * Team upload. diff -Nru flightgear-2016.4.4+dfsg/debian/patches/restrict-save-flightplan-secu-fix-19ab09.patch flightgear-2016.4.4+dfsg/debian/patches/restrict-save-flightplan-secu-fix-19ab09.patch --- flightgear-2016.4.4+dfsg/debian/patches/restrict-save-flightplan-secu-fix-19ab09.patch 1970-01-01 01:00:00.000000000 +0100 +++ flightgear-2016.4.4+dfsg/debian/patches/restrict-save-flightplan-secu-fix-19ab09.patch 2017-05-19 21:06:22.000000000 +0200 
@@ -0,0 +1,34 @@ +Description: RouteMgr security: don't allow overwriting arbitrary files. + The previous fix 280cd523 (included in 2016.4.4) missed commandSaveFlightPlan + This fixes CVE-2017-8921. + (cherry picked from commit faf872e7f71ca14c567ac7080561fc785d8d2fd0) +Origin: upstream, https://sourceforge.net/p/flightgear/flightgear/ci/19ab09406e4249f2c6f8ac51938258d1c51eace0/ +Author: Florent Rougon +--- a/src/Autopilot/route_mgr.cxx ++++ b/src/Autopilot/route_mgr.cxx +@@ -73,8 +73,23 @@ + static bool commandSaveFlightPlan(const SGPropertyNode* arg) + { + FGRouteMgr* self = (FGRouteMgr*) globals->get_subsystem("route-manager"); +- SGPath path(arg->getStringValue("path")); +- return self->saveRoute(path); ++ SGPath path = SGPath::fromUtf8(arg->getStringValue("path")); ++ SGPath authorizedPath = fgValidatePath(path, true /* write */); ++ ++ if (!authorizedPath.isNull()) { ++ return self->saveRoute(authorizedPath); ++ } else { ++ std::string msg = ++ "The route manager was asked to write the flightplan to '" + ++ path.utf8Str() + "', but this path is not authorized for writing. " + ++ "Please choose another location, for instance in the $FG_HOME/Export " ++ "folder (" + (globals->get_fg_home() / "Export").utf8Str() + ")."; ++ ++ SG_LOG(SG_AUTOPILOT, SG_ALERT, msg); ++ modalMessageBox("FlightGear", "Unable to write to the specified file", ++ msg); ++ return false; ++ } + } + + static bool commandActivateFlightPlan(const SGPropertyNode* arg) diff -Nru flightgear-2016.4.4+dfsg/debian/patches/series flightgear-2016.4.4+dfsg/debian/patches/series --- flightgear-2016.4.4+dfsg/debian/patches/series 2017-01-24 16:49:13.000000000 +0100 +++ flightgear-2016.4.4+dfsg/debian/patches/series 2017-05-19 20:59:56.000000000 +0200 @@ -3,3 +3,4 @@ spelling_20160920.patch spelling_20161121.patch relax_version_check.patch +restrict-save-flightplan-secu-fix-19ab09.patch
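Review bot: the DEP-3 header of restrict-save-flightplan-secu-fix-19ab09.patch carries Description, Origin and Author but no Bug-Debian or Applied-Upstream field, so the only link from the patch file to the RC bug is the changelog entry; add `Bug-Debian: https://bugs.debian.org/862689` and, since the Origin line already names the upstream commit, `Applied-Upstream: 19ab09406e4249f2c6f8ac51938258d1c51eace0` together with a Last-Update date. The code change itself reads correctly: the unvalidated `SGPath path(arg->getStringValue("path"))` is replaced by a path that only reaches `self->saveRoute()` after `fgValidatePath(path, true /* write */)` returns a non-null result, and the failure branch logs and refuses the write, which matches the Description's statement that the earlier fix 280cd523 missed `commandSaveFlightPlan`.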