Your message dated Thu, 17 May 2018 18:10:21 +0000
with message-id <e1fjnm5-000dcx...@fasolo.debian.org>
and subject line Bug#863156: fixed in lrzip 0.631+git180517-1
has caused the Debian Bug report #863156,
regarding lrzip: CVE-2017-8842: divide-by-zero in bufRead::get
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
863156: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863156
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: lrzip
Version: 0.631-1
Severity: important
Tags: upstream security
Forwarded: https://github.com/ckolivas/lrzip/issues/66

Hi,

the following vulnerability was published for lrzip.

CVE-2017-8842[0]:
| The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in
| lrzip 0.631 allows remote attackers to cause a denial of service
| (divide-by-zero error and application crash) via a crafted archive.

ASAN_OPTIONS="detect_leaks=0" ./lrzip -t /root/poc/00228-lrzip-fpe-bufRead-get 
Decompressing...
ASAN:DEADLYSIGNAL
=================================================================
==14170==ERROR: AddressSanitizer: FPE on unknown address 0x000000459dca (pc 
0x000000459dca bp 0x7f0defc37a90 sp 0x7f0defc37a70 T1)
    #0 0x459dc9 in bufRead::get() libzpaq/libzpaq.h:468
    #1 0x44de34 in libzpaq::Decompresser::findBlock(double*) 
libzpaq/libzpaq.cpp:1236
    #2 0x44e45b in libzpaq::decompress(libzpaq::Reader*, libzpaq::Writer*) 
libzpaq/libzpaq.cpp:1363
    #3 0x445c2c in zpaq_decompress libzpaq/libzpaq.h:538
    #4 0x428c2e in zpaq_decompress_buf stream.c:453
    #5 0x430e60 in ucompthread stream.c:1534
    #6 0x7f0e456a6493 in start_thread 
(/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
    #7 0x7f0e44b4c93e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE libzpaq/libzpaq.h:468 in bufRead::get()
Thread T1 created by T0 here:
    #0 0x7f0e45f38f59 in __interceptor_pthread_create 
(/usr/lib/x86_64-linux-gnu/libasan.so.3+0x30f59)
    #1 0x4267f8 in create_pthread stream.c:133
    #2 0x4325f0 in fill_buffer stream.c:1673
    #3 0x4333d5 in read_stream stream.c:1755
    #4 0x421d21 in read_u8 runzip.c:55
    #5 0x422983 in read_header runzip.c:144
    #6 0x423fd2 in runzip_chunk runzip.c:314
    #7 0x4244a8 in runzip_fd runzip.c:382
    #8 0x411378 in decompress_file lrzip.c:826
    #9 0x409b39 in main main.c:669
    #10 0x7f0e44a842b0 in __libc_start_main 
(/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

==14170==ABORTING

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8842
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8842
[1] https://github.com/ckolivas/lrzip/issues/66

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: lrzip
Source-Version: 0.631+git180517-1

We believe that the bug you reported is fixed in the latest version of
lrzip, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 863...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <g...@debian.org> (supplier of updated lrzip package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 17 May 2018 15:42:06 +0000
Source: lrzip
Binary: lrzip
Architecture: source amd64
Version: 0.631+git180517-1
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <g...@debian.org>
Description:
 lrzip      - compression program with a very high compression ratio
Closes: 863145 863150 863151 863153 863155 863156 866020 866022 887065 888506 
897645 898451
Changes:
 lrzip (0.631+git180517-1) unstable; urgency=high
 .
   * Git snapshot release to fix security issues:
     - CVE-2017-8842: divide-by-zero in bufRead::get() (closes: #863156),
     - CVE-2017-8843: NULL pointer dereference in join_pthread()
       (closes: #863155),
     - CVE-2017-8844: heap-based buffer overflow write in read_1g()
       (closes: #863153),
     - CVE-2017-8845: invalid memory read in lzo_decompress_buf()
       (closes: #863151),
     - CVE-2017-8846: use-after-free in read_stream() (closes: #863150),
     - CVE-2017-8847: NULL pointer dereference in bufRead::get()
       (closes: #863145),
     - CVE-2017-9928: stack buffer overflow in get_fileinfo() (closes: #866022),
     - CVE-2017-9929: another stack buffer overflow in get_fileinfo()
       (closes: #866020),
     - CVE-2018-5650: infinite loop from crafted/corrupt archive in
       unzip_match() (closes: #887065),
     - CVE-2018-5747: use-after-free in ucompthread() (closes: #898451),
     - CVE-2018-5786: infinite loop in get_fileinfo() (closes: #888506),
     - CVE-2018-9058: infinite loop in runzip_fd() ,
     - CVE-2018-10685: use-after-free in lzma_decompress_buf()
       (closes: #897645).
   * Update homepage location.
   * Update debhelper level to 11:
     - don't need dh_installman anymore,
     - remove dh-autoreconf build dependency,
     - remove autotools-dev build dependency.
   * Update Standards-Version to 4.1.4 .
Checksums-Sha1:
 55c93759cf16e87ae9d56738e982f07396de915c 1833 lrzip_0.631+git180517-1.dsc
 49d52bb9edc1524469d618cbe867560c8d704060 200660 
lrzip_0.631+git180517.orig.tar.xz
 3fbd5121440aee6c9a26fe2e53c0a7e42f095781 7688 
lrzip_0.631+git180517-1.debian.tar.xz
 8ac6130b8ceea862a54b253ffc17ebfc79b0cdb2 606280 
lrzip-dbgsym_0.631+git180517-1_amd64.deb
 f79257b587a3fe3594f79400906d19018b352df5 6826 
lrzip_0.631+git180517-1_amd64.buildinfo
 c10d6d80eaba467bd8472a836ee192dae21edf17 258876 
lrzip_0.631+git180517-1_amd64.deb
Checksums-Sha256:
 18876a30fba64e3e5730a4ecf55687b762d50629a6c7dac52273cfb028b1ec3b 1833 
lrzip_0.631+git180517-1.dsc
 9e96b797efb4e908a2412c4e287fd42e766def638e8126cd306397d572a176ef 200660 
lrzip_0.631+git180517.orig.tar.xz
 176d38dd20bc9335562b1102d9c907f8bc33922ba07b9dada2461da73fc64c28 7688 
lrzip_0.631+git180517-1.debian.tar.xz
 e58240fcd0eef1f3f7738b35ac6c81722f0b805b1e7639100a42ba3b335bd174 606280 
lrzip-dbgsym_0.631+git180517-1_amd64.deb
 748dfdf17c6cc651a9a97116429615bf4fbc2449c41bac4b57ccd1ccf9c1453e 6826 
lrzip_0.631+git180517-1_amd64.buildinfo
 0cd786cf86077e91fba4fc4944ea987643bb98459fa9f76a73ff9c5fd09a146b 258876 
lrzip_0.631+git180517-1_amd64.deb
Files:
 e9c146c5bc64bebe67a2ae4599ffbf49 1833 utils optional 
lrzip_0.631+git180517-1.dsc
 cd554ed96a3e4a4d02231df70879b842 200660 utils optional 
lrzip_0.631+git180517.orig.tar.xz
 0e8c44a78604f83544d5f6a0ef79485a 7688 utils optional 
lrzip_0.631+git180517-1.debian.tar.xz
 32e3570a65a39477911f384fedae8dc1 606280 debug optional 
lrzip-dbgsym_0.631+git180517-1_amd64.deb
 4ed5c1db1b8ab0a27fa4b84ebbfe3aa8 6826 utils optional 
lrzip_0.631+git180517-1_amd64.buildinfo
 04db0b66b329ea490835728f5244be53 258876 utils optional 
lrzip_0.631+git180517-1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAlr9wB8ACgkQ3OMQ54ZM
yL90exAAkBIFwgAn2LJ58/BKFZ5jhndecOTJFQhWJ4G+N/ucDsp7Kf6S9h3DyxFJ
EH5DHVFD07psF1ieGAieEvg58NpO6Nf7HAFFwtJdnoZ60p2LUe160Dum6sWdVTm7
gAxJdxoIXKVUy43wRbrMgGHfkq+QoS04VLrxEND+UW1i1Vkb6cOgZXhVbcMhPEfb
pFoWNJtRT3WdEcIOgx8YFh2uaeFXMdcEWnda/OD5JDF4Wu2se53PLRJ2zj7GNtVb
BNpPcyoTuOusxe965RNFzubIBrBchpJz8EtacdLt9lTZBY8VmKGnktR3ocIsLNIm
f6LqxYbyWlyMBJo/QkIZ/DiQLFxNGzk5O5SARGMd1CduqTzj3sQyyXbQJuoO5VTy
yxjBevSuCTx3LYJaE5H5zKvDhmfnDYioD1NGMho0SN3m3K8A1H/UjNhrgMmb44Ip
5buadpsgH4vZJ6RAe+uwuxjp9sj4/P9LLV+PY3xy1fregQPUxuOQVcdcEtzCJd4N
+PHyZxAQOnH11BUj8WaAyyRK4JtrlqLQwm1EkjVCOAc55Z0FzM6VxwBAo/IkYvt1
VOWz20STbPoDycahnygADU57KBdQEm+X3FkTS2LKKXJSd3j/go2zG274ihqjaFQJ
BNDnbJVx0UIrapmUHva7Dfu+WbCHScRRGWfGj0OtVG9dwKMGunw=
=HAH8
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to