Your message dated Thu, 07 Dec 2017 08:50:12 +0000
with message-id <[email protected]>
and subject line Bug#883691: fixed in game-music-emu 0.6.2-1
has caused the Debian Bug report #883691,
regarding game-music-emu: CVE-2017-17446: AddressSanitizer: negative-size-param: (size=-8), size=-8 passed to memcpy in Mem_File_Reader::read_avail
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
883691: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883691
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: src:libextractor
Version: 1:1.6-1
Severity: important
Tags: security

Hi,

while I was working on the security update for Wheezy I discovered
that libextractor in Buster/Sid is still vulnerable to CVE-2017-15600
and CVE-2017-15602. I could reproduce two segmentation faults with the
provided POCs. They are attached to the upstream bug report:

http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00004.html
http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html

Just run "extract -i $POC"

I'm attaching my gdb log files to this bug report.

Regards,

Markus


-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.13.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
Starting program: /usr/bin/extract -i extract-nsf_extract_method-nsf_extractor-164.crash
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff3e3d700 (LWP 26451)]
[New Thread 0x7fffd8f13700 (LWP 26452)]
[Thread 0x7fffd8f13700 (LWP 26452) exited]

Thread 1 "extract" received signal SIGSEGV, Segmentation fault.
0x00007fffd810b6cc in EXTRACTOR_xm_extract_method () from /usr/lib/x86_64-linux-gnu/libextractor/libextractor_xm.so
#0  0x00007fffd810b6cc in EXTRACTOR_xm_extract_method () from /usr/lib/x86_64-linux-gnu/libextractor/libextractor_xm.so
No symbol table info available.
#1  0x00007ffff7bd316d in ?? () from /usr/lib/x86_64-linux-gnu/libextractor.so.3
No symbol table info available.
#2  0x00007ffff7bd34b4 in EXTRACTOR_extract () from /usr/lib/x86_64-linux-gnu/libextractor.so.3
No symbol table info available.
#3  0x0000555555556360 in main (argc=<optimized out>, argv=<optimized out>) at extract.c:983
        i = 2
        plugins = 0x5555557642e0
        option_index = 0
        c = <optimized out>
        libraries = <optimized out>
        nodefault = <optimized out>
        defaultAll = <optimized out>
        bibtex = 0
        grepfriendly = 0
        ret = 0
        processor = 0x5555555569f0 <print_selected_keywords>
Starting program: /usr/bin/extract -i bin_6iRW3tXve.bin
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff3e3d700 (LWP 27320)]

Thread 1 "extract" received signal SIGSEGV, Segmentation fault.
0x00007ffff755061e in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#0  0x00007ffff755061e in ?? () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#1  0x00007fffe90bce6d in ?? () from /usr/lib/x86_64-linux-gnu/libgme.so.0
No symbol table info available.
#2  0x00007fffe90bcc8a in ?? () from /usr/lib/x86_64-linux-gnu/libgme.so.0
No symbol table info available.
#3  0x00007fffe90e0232 in ?? () from /usr/lib/x86_64-linux-gnu/libgme.so.0
No symbol table info available.
#4  0x00007fffe90e05f3 in ?? () from /usr/lib/x86_64-linux-gnu/libgme.so.0
No symbol table info available.
#5  0x00007fffe90c094e in ?? () from /usr/lib/x86_64-linux-gnu/libgme.so.0
No symbol table info available.
#6  0x00007fffe90bfb7c in gme_load_data () from /usr/lib/x86_64-linux-gnu/libgme.so.0
No symbol table info available.
#7  0x00007fffe90bfc34 in gme_open_data () from /usr/lib/x86_64-linux-gnu/libgme.so.0
No symbol table info available.
#8  0x00007ffff0f46582 in ?? () from /usr/lib/x86_64-linux-gnu/libavformat.so.57
No symbol table info available.
#9  0x00007ffff1035170 in avformat_open_input () from /usr/lib/x86_64-linux-gnu/libavformat.so.57
No symbol table info available.
#10 0x00007ffff1571a36 in EXTRACTOR_previewopus_extract_method ()
   from /usr/lib/x86_64-linux-gnu/libextractor/libextractor_previewopus.so
No symbol table info available.
#11 0x00007ffff7bd316d in ?? () from /usr/lib/x86_64-linux-gnu/libextractor.so.3
No symbol table info available.
#12 0x00007ffff7bd34b4 in EXTRACTOR_extract () from /usr/lib/x86_64-linux-gnu/libextractor.so.3
No symbol table info available.
#13 0x0000555555556360 in main (argc=<optimized out>, argv=<optimized out>) at extract.c:983
        i = 2
        plugins = 0x5555557642c0
        option_index = 0
        c = <optimized out>
        libraries = <optimized out>
        nodefault = <optimized out>
        defaultAll = <optimized out>
        bibtex = 0
        grepfriendly = 0
        ret = 0
        processor = 0x5555555569f0 <print_selected_keywords>

--- End Message ---
--- Begin Message ---
Source: game-music-emu
Source-Version: 0.6.2-1

We believe that the bug you reported is fixed in the latest version of
game-music-emu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Dröge <[email protected]> (supplier of updated game-music-emu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 07 Dec 2017 10:03:19 +0200
Source: game-music-emu
Binary: libgme0 libgme-dev
Architecture: source amd64
Version: 0.6.2-1
Distribution: unstable
Urgency: high
Maintainer: Sebastian Dröge <[email protected]>
Changed-By: Sebastian Dröge <[email protected]>
Description:
 libgme-dev - Playback library for video game music files - development files
 libgme0    - Playback library for video game music files - shared library
Closes: 883691
Changes:
 game-music-emu (0.6.2-1) unstable; urgency=high
 .
   * New upstream bugfix release
     + Fixes usage of negative size parameter passed to memcpy() on
       specially crafted files (Closes: #883691, CVE-2017-17446).

--- End Message ---
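
The failure class named in the bug title and changelog above (a signed remaining-length going negative and reaching memcpy() as a size_t), shown as an added C illustration. This is not code from game-music-emu or libextractor; mem_reader, as_memcpy_len, read_avail_unchecked, read_avail_checked and skip_checked are hypothetical names, and the sample buffer is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical in-memory reader for illustration; not game-music-emu's class. */
typedef struct {
    const unsigned char *begin;
    long size; /* bytes in the buffer (signed, as in older I/O code) */
    long pos;  /* current read offset */
} mem_reader;

/* What memcpy() receives when a signed length is passed as its size_t argument. */
size_t as_memcpy_len(long n) { return (size_t)n; }

/* Unsafe pattern, kept for contrast: if pos has moved past size, n is negative
   and the conversion to size_t turns it into a near-SIZE_MAX copy length. */
long read_avail_unchecked(mem_reader *r, void *out, long want) {
    long n = r->size - r->pos;
    if (want < n) n = want;
    memcpy(out, r->begin + r->pos, (size_t)n);
    r->pos += n;
    return n;
}

/* Hardened form: reject inconsistent state and negative requests before any
   pointer arithmetic or size_t conversion. Returns bytes copied, or -1. */
long read_avail_checked(mem_reader *r, void *out, long want) {
    if (!r || !r->begin || !out || want < 0) return -1;
    if (r->size < 0 || r->pos < 0 || r->pos > r->size) return -1;
    long n = r->size - r->pos; /* 0 <= n <= size is now guaranteed */
    if (want < n) n = want;
    if (n > 0) memcpy(out, r->begin + r->pos, (size_t)n);
    r->pos += n;
    return n;
}

/* Seeking is where pos usually escapes; refuse to move past the end. */
int skip_checked(mem_reader *r, long count) {
    if (count < 0 || r->pos < 0 || count > r->size - r->pos) return -1;
    r->pos += count;
    return 0;
}

int main(void) {
    static const unsigned char data[8] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed */
    unsigned char out[8];
    mem_reader bad = {data, 8, 16}; /* constructed state: size - pos == -8 */
    printf("checked read on bad state: %ld\n", read_avail_checked(&bad, out, 4));
    printf("length memcpy would see: %zu\n", as_memcpy_len(bad.size - bad.pos));
}
```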
