Control: retitle -1 CVE-2017-11721: read buffer overflow in MSG_ReadBits
Control: tags -1 + upstream fixed-upstream patch
Control: forwarded -1

On Fri, 04 Aug 2017 at 16:30:46 +0200, Moritz Muehlenhoff wrote:
> Please see

I have fixed this in unstable with a newer upstream snapshot. I suspect
that the bug is also present in all older suites, but I have not had
time to research that. Any suite where the upstream commit cherry-picks
successfully is probably vulnerable.

I am travelling (to Debconf) and finishing writing a talk, so I will
be unable to address this in older suites for now. If someone from the
security or games team wants to prepare and upload a backport of the
commit referenced by MITRE, please go ahead. From the commit message
and a quick read through the code, my understanding is that only the
MSG_ReadBits side is security-sensitive, with the MSG_WriteBits side
being merely for correctness (the buffer overflow check is too
pessimistic and will sometimes report an overflow when there are in
fact a few bytes left); but I could be wrong, and taking the entire
commit is probably the safer option.

The debian/stretch and debian/jessie branches in should be up to
date, and that git repository also contains the upstream commit

Otherwise, I'll come back to this after I've given my talk at Debconf,
assuming I can recruit someone running stable to smoke-test the new

