Your message dated Thu, 05 Feb 2015 19:32:56 +0000
with message-id <[email protected]>
and subject line Bug#776589: fixed in unzip 6.0-8+deb7u2
has caused the Debian Bug report #776589,
regarding unzip: CVE-2014-9636 heap overflow via mismatched block sizes
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
776589: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776589
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: unzip
Version: 6.0-13
Severity: normal
Tags: patch
User: [email protected]
Usertags: origin-ubuntu vivid ubuntu-patch



*** /tmp/tmp7DfOwv/bug_body

In Ubuntu, the attached patch was applied to achieve the following:

  * SECURITY UPDATE: heap overflow via mismatched block sizes
    - debian/patches/12-cve-2014-9636-test-compr-eb: ensure compressed and
      uncompressed block sizes match when using STORED method in extract.c.
    - CVE-2014-9636


Thanks for considering the patch.


-- System Information:
Debian Release: jessie/sid
  APT prefers utopic-updates
  APT policy: (500, 'utopic-updates'), (500, 'utopic-security'), (500, 'utopic-proposed'), (500, 'utopic'), (100, 'utopic-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-30-generic (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru unzip-6.0/debian/changelog unzip-6.0/debian/changelog
diff -Nru unzip-6.0/debian/patches/12-cve-2014-9636-test-compr-eb unzip-6.0/debian/patches/12-cve-2014-9636-test-compr-eb
--- unzip-6.0/debian/patches/12-cve-2014-9636-test-compr-eb	1969-12-31 19:00:00.000000000 -0500
+++ unzip-6.0/debian/patches/12-cve-2014-9636-test-compr-eb	2015-01-29 11:15:34.000000000 -0500
@@ -0,0 +1,43 @@
+From a9bfab5b52d08879bbc5e0991684b700127ddcff Mon Sep 17 00:00:00 2001
+From: mancha <mancha1 AT zoho DOT com>
+Date: Mon, 3 Nov 2014
+Subject: Info-ZIP UnZip buffer overflow
+
+By carefully crafting a corrupt ZIP archive with "extra fields" that
+purport to have compressed blocks larger than the corresponding
+uncompressed blocks in STORED no-compression mode, an attacker can
+trigger a heap overflow that can result in application crash or
+possibly have other unspecified impact.
+
+This patch ensures that when extra fields use STORED mode, the
+"compressed" and uncompressed block sizes match.
+
+---
+ extract.c |    8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+Index: unzip-6.0/extract.c
+===================================================================
+--- unzip-6.0.orig/extract.c	2015-01-29 11:15:31.118569464 -0500
++++ unzip-6.0/extract.c	2015-01-29 11:15:31.114569431 -0500
+@@ -2230,6 +2230,7 @@
+     ulg eb_ucsize;
+     uch *eb_ucptr;
+     int r;
++    ush method;
+ 
+     if (compr_offset < 4)                /* field is not compressed: */
+         return PK_OK;                    /* do nothing and signal OK */
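Review bot: the diffstat in the patch header (`extract.c | 8 ++++++++`, `1 file changed, 8 insertions(+)`) does not agree with the hunks that follow, which add 1 + 6 = 7 lines (`@@ -2230,6 +2230,7 @@` and `@@ -2246,6 +2247,12 @@`); regenerate the stat line or drop it so the quilt patch is self-consistent. The `ush method;` declaration itself is fine and matches the `makeword()` assignment in the next hunk.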
+@@ -2246,6 +2247,12 @@
+      ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
+         return IZ_EF_TRUNC;             /* no/bad compressed data! */
+ 
++    method = makeword(eb + (EB_HEADSIZE + compr_offset));
++    if ((method == STORED) && (eb_size - compr_offset != eb_ucsize))
++	return PK_ERR;			  /* compressed & uncompressed
++					   * should match in STORED
++					   * method */
++
+     if (
+ #ifdef INT_16BIT
+         (((ulg)(extent)eb_ucsize) != eb_ucsize) ||
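Review bot: the new STORED condition `(eb_size - compr_offset != eb_ucsize)` counts the whole compressed region, EB_CMPRHEADLEN header bytes included, while the truncation test two lines above it (`eb_size <= (compr_offset + EB_CMPRHEADLEN)`) treats the payload as beginning only after that header. If the payload after the header is what gets copied into the eb_ucsize buffer, the consistent check is `eb_size - compr_offset - EB_CMPRHEADLEN != eb_ucsize`; as written, a field whose payload is exactly eb_ucsize bytes is rejected and one six bytes shorter is accepted. Either fix the arithmetic or add a comment explaining why the header is counted. Style: the three inserted `return PK_ERR` lines are tab-indented while the surrounding code uses spaces.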
diff -Nru unzip-6.0/debian/patches/series unzip-6.0/debian/patches/series
--- unzip-6.0/debian/patches/series	2014-12-25 07:37:44.000000000 -0500
+++ unzip-6.0/debian/patches/series	2015-01-29 11:25:49.000000000 -0500
@@ -9,4 +9,5 @@
 09-cve-2014-8139-crc-overflow
 10-cve-2014-8140-test-compr-eb
 11-cve-2014-8141-getzip64data
+12-cve-2014-9636-test-compr-eb
 20-unzip60-alt-iconv-utf8
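Review bot: the series entry is correct, but the `diff -Nru unzip-6.0/debian/changelog unzip-6.0/debian/changelog` header at the top of the attachment carries no hunk, so the changelog entry quoted in the report body (`SECURITY UPDATE: heap overflow via mismatched block sizes`) is not actually in the diff; either drop the empty header or include the changelog hunk so the patch applies as a complete debdiff.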

--- End Message ---
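The patch description above gives the condition in words: a STORED "extra field" block whose compressed region is larger than its declared uncompressed size overflows the heap buffer sized from that declaration. As an added example, not unzip's code and not part of the bug report, here is a stand-alone C model of the size check in test_compr_eb() that parses a constructed extra field and evaluates three policies side by side: no STORED check (pre-patch), the check exactly as written in the patch above (whole compressed region versus eb_ucsize), and a variant that subtracts EB_CMPRHEADLEN the way the truncation test does. Assumptions not shown on this page: the constant values (EB_HEADSIZE = 4, EB_UCSIZE_P = 0, EB_CMPRHEADLEN = 6, STORED = 0) and the rule that memextract() copies the bytes after the 6-byte method/CRC header, both taken from the unzip source as I know it; compr_offset is fixed at 4; the field id and payloads are constructed. Nothing here overflows memory, the model only computes the lengths involved.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Values from unzip.h (assumed from the unzip source, not shown on this page). */
#define EB_HEADSIZE     4u  /* extra-field header: 2-byte id + 2-byte data length */
#define EB_UCSIZE_P     0u  /* offset, after the header, of the 4-byte uncompressed size */
#define EB_CMPRHEADLEN  6u  /* 2-byte method + 4-byte CRC preceding the compressed payload */
#define STORED          0u  /* ZIP compression method 0 */

enum verdict { EB_OK, EB_TRUNC, EB_REJECT, EB_OVERFLOW };
enum policy  { MODE_NONE, MODE_PATCH, MODE_HEADER_AWARE };

/* Little-endian readers/writers, the same shape as unzip's makeword()/makelong(). */
static uint16_t makeword(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t makelong(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void put32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* eb points at the 4-byte header; eb_size is the header's length field (bytes after
 * the header); compr_offset is where, within those bytes, the compressed block
 * (method, CRC, payload) begins. Mirrors the checks quoted in the patch, then
 * reports whether the pre-patch copy of the payload would exceed eb_ucsize. */
static enum verdict check_compr_eb(const uint8_t *eb, unsigned eb_size,
                                   unsigned compr_offset, enum policy mode)
{
    if (compr_offset < 4)
        return EB_OK;                               /* field is not compressed */
    if (eb_size < EB_UCSIZE_P + 4)
        return EB_TRUNC;
    uint32_t eb_ucsize = makelong(eb + EB_HEADSIZE + EB_UCSIZE_P);
    if (eb_ucsize > 0 && eb_size <= compr_offset + EB_CMPRHEADLEN)
        return EB_TRUNC;                            /* no/bad compressed data */

    /* Bytes memextract() copies for STORED: everything after the 6-byte header
     * (assumed from unzip's memextract(), not shown on this page). */
    unsigned payload = (eb_size > compr_offset + EB_CMPRHEADLEN)
                     ? eb_size - compr_offset - EB_CMPRHEADLEN : 0;
    uint16_t method = makeword(eb + EB_HEADSIZE + compr_offset);
    if (method == STORED && mode != MODE_NONE) {
        /* MODE_PATCH: the patch's arithmetic (header bytes counted).
         * MODE_HEADER_AWARE: payload only, consistent with the truncation test. */
        unsigned claimed = (mode == MODE_PATCH) ? eb_size - compr_offset : payload;
        if (claimed != eb_ucsize)
            return EB_REJECT;
    }
    /* malloc(eb_ucsize) then memcpy(payload): overflow iff payload is longer. */
    return payload > eb_ucsize ? EB_OVERFLOW : EB_OK;
}

/* Constructed sample field with compr_offset = 4: the only data before the
 * compressed block is the 4-byte uncompressed size. Returns total length, 0 on error. */
static size_t build_eb(uint8_t *out, size_t cap, uint32_t ucsize, unsigned payload_len)
{
    unsigned eb_size = 4 + EB_CMPRHEADLEN + payload_len;
    if (eb_size > 0xFFFF || cap < EB_HEADSIZE + eb_size)
        return 0;
    put16(out, 0x0009);                 /* sample field id (constructed) */
    put16(out + 2, (uint16_t)eb_size);  /* data length after the header */
    put32(out + 4, ucsize);             /* claimed uncompressed size */
    put16(out + 8, STORED);             /* compression method */
    put32(out + 10, 0);                 /* CRC, irrelevant to the size check */
    memset(out + 14, 'A', payload_len); /* STORED payload (constructed) */
    return EB_HEADSIZE + eb_size;
}

static enum verdict run_case(uint32_t ucsize, unsigned payload_len, enum policy mode)
{
    uint8_t buf[256];
    if (!build_eb(buf, sizeof buf, ucsize, payload_len))
        return EB_TRUNC;
    return check_compr_eb(buf, makeword(buf + 2), 4, mode);
}

int main(void)
{
    static const char *names[] = { "ok", "truncated", "rejected", "OVERFLOW" };
    struct { uint32_t ucsize; unsigned payload; const char *what; } cases[] = {
        {  8,  8, "honest STORED field, payload == ucsize" },
        {  8, 64, "crafted field, payload 56 bytes past the ucsize buffer" },
        { 14,  8, "field sized to satisfy the patch's arithmetic" },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-58s none=%-9s patch=%-9s header-aware=%s\n", cases[i].what,
               names[run_case(cases[i].ucsize, cases[i].payload, MODE_NONE)],
               names[run_case(cases[i].ucsize, cases[i].payload, MODE_PATCH)],
               names[run_case(cases[i].ucsize, cases[i].payload, MODE_HEADER_AWARE)]);
    return 0;
}
```

The second case is the shape the CVE describes: without any STORED check the 64-byte payload would be copied into an 8-byte allocation, and both checks refuse it. The first and third cases show the difference between the two arithmetics: the check as written in the patch rejects a field whose payload equals eb_ucsize and accepts one whose payload is six bytes shorter, so what memextract() actually copies should be confirmed before treating the comparison as final.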
--- Begin Message ---
Source: unzip
Source-Version: 6.0-8+deb7u2

We believe that the bug you reported is fixed in the latest version of
unzip, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Santiago Vila <[email protected]> (supplier of updated unzip package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 01 Feb 2015 23:48:28 +0100
Source: unzip
Binary: unzip
Architecture: source amd64
Version: 6.0-8+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Santiago Vila <[email protected]>
Changed-By: Santiago Vila <[email protected]>
Description: 
 unzip      - De-archiver for .zip files
Closes: 775640 776589
Changes: 
 unzip (6.0-8+deb7u2) wheezy-security; urgency=high
 .
   * Security upload.
   * CVE-2014-9636: Fix heap overflow. Ensure that compressed
     and uncompressed block sizes match when using STORED method
     in extract.c. Closes: #776589.
   * CVE-2014-8139: Update patch. The old one was not right
     and had regressions with executable jar files. Closes: #775640
Checksums-Sha1: 
 8400b0fb5fad43ef83065d59a4330ee3a0d0b179 1676 unzip_6.0-8+deb7u2.dsc
 f62b356bf40fcbf0e1143f99ed90860583c3ddbc 14193 unzip_6.0-8+deb7u2.debian.tar.gz
 013a77751cd3d1e29adbd36978204631925ad5db 194898 unzip_6.0-8+deb7u2_amd64.deb
Checksums-Sha256: 
 b46313d05ee5cd7576390e8d21afe905f3b4eb08fa80ec97f1c2bf9197834123 1676 unzip_6.0-8+deb7u2.dsc
 667c03e6b9ec219444f8a43c09532412d5e088f7c1803d673af899af34ebd6ab 14193 unzip_6.0-8+deb7u2.debian.tar.gz
 aa7091a39b99cde48e1ed0ae930518b64ff215fbbf4a124b761bf386c3d38b8f 194898 unzip_6.0-8+deb7u2_amd64.deb
Files: 
 38b882234bc2a7b9350028f8ee09367c 1676 utils optional unzip_6.0-8+deb7u2.dsc
 4fa58132df8930e551a5087f281149d4 14193 utils optional unzip_6.0-8+deb7u2.debian.tar.gz
 0fe74b198d91d63fefbb3094c43313a3 194898 utils optional unzip_6.0-8+deb7u2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---