Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian....@packages.debian.org
Usertags: pu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stretch version of x11vnc has a couple of bugs that cause frequent crashes, which renders the package hardly usable on some architectures (especially arm*). There are several bug reports in BTS related to this issue, including #851496, #859213.

In sid this is fixed in 0.9.13-6 version, by applying patches from upstream. In Ubuntu it is patched as well.

I'm getting requests from users to get it fixed in stretch. Thus I'm asking to upload the below debdiff to stretch.

Note that although bugs are formally buffer overflows, there is no known way to exploit them, and security team decided not to issue DSA on this.

diff -Nru x11vnc-0.9.13/debian/changelog x11vnc-0.9.13/debian/changelog - - --- x11vnc-0.9.13/debian/changelog 2016-12-21 17:59:50.000000000 +0300 +++ x11vnc-0.9.13/debian/changelog 2018-05-07 23:13:43.000000000 +0300 @@ -1,3 +1,9 @@ +x11vnc (0.9.13-2+deb9u1) stretch; urgency=medium + + * Add two buffer overflow fixes from upstream. Closes: #851496, #859213. + + -- Nikita Yushchenko <yo...@debian.org> Mon, 07 May 2018 23:13:43 +0300 + x11vnc (0.9.13-2) unstable; urgency=medium * Add patches: diff -Nru x11vnc-0.9.13/debian/patches/fix-buffer-overflow-in-record_CW.patch x11vnc-0.9.13/debian/patches/fix-buffer-overflow-in-record_CW.patch - - --- x11vnc-0.9.13/debian/patches/fix-buffer-overflow-in-record_CW.patch 1970-01-01 03:00:00.000000000 +0300 +++ x11vnc-0.9.13/debian/patches/fix-buffer-overflow-in-record_CW.patch 2018-05-07 23:13:43.000000000 +0300 
@@ -0,0 +1,11 @@ +--- a/x11vnc/xrecord.c ++++ b/x11vnc/xrecord.c +@@ -964,7 +964,7 @@ + data = (char *)req; + data += sz_xConfigureWindowReq; + +- for (i=0; i<req->length; i++) { ++ for (i = 0; i < req->length - sz_xConfigureWindowReq / 4 && i < 4; i++) { + unsigned int v; + /* + * We use unsigned int for the values. There were diff -Nru x11vnc-0.9.13/debian/patches/fix-buffer-overflow-in-snapshot_stack_list.patch x11vnc-0.9.13/debian/patches/fix-buffer-overflow-in-snapshot_stack_list.patch - - --- x11vnc-0.9.13/debian/patches/fix-buffer-overflow-in-snapshot_stack_list.patch 1970-01-01 03:00:00.000000000 +0300 +++ x11vnc-0.9.13/debian/patches/fix-buffer-overflow-in-snapshot_stack_list.patch 2018-05-07 23:13:43.000000000 +0300 @@ -0,0 +1,13 @@ +--- a/x11vnc/win_utils.c ++++ b/x11vnc/win_utils.c +@@ -262,8 +262,8 @@ + } + + last_snap = now; +- if (num > stack_list_len + blackouts) { +- int n = 2*num; ++ if (num + stack_list_len > blackouts) { ++ int n = 2 * (num + blackouts); + free(stack_list); + stack_list = (winattr_t *) malloc(n*sizeof(winattr_t)); + stack_list_len = n; diff -Nru x11vnc-0.9.13/debian/patches/series x11vnc-0.9.13/debian/patches/series - - --- x11vnc-0.9.13/debian/patches/series 2016-12-21 17:59:50.000000000 +0300 +++ x11vnc-0.9.13/debian/patches/series 2018-05-07 23:13:43.000000000 +0300 
@@ -3,3 +3,5 @@ 10_usepkgconfig.diff do-not-run-dbus-launch.patch enforce-bash.patch +fix-buffer-overflow-in-snapshot_stack_list.patch +fix-buffer-overflow-in-record_CW.patch - -- System Information: Debian Release: 9.5 APT prefers stable-updates APT policy: (650, 'stable-updates'), (650, 'stable'), (620, 'testing'), (600, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-7-amd64 (SMP w/8 CPU cores) Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) -----BEGIN PGP SIGNATURE----- iG8EARECAC8WIQQZpQMQRPJ0qhZ2HP2/fHk6yRMt2wUCW2reuBEceW91c2hAZGVi aWFuLm9yZwAKCRC/fHk6yRMt23CVAJ9/ros67MLQKMs4kfisZtJQY/VI9QCfVC0H yckFmhKBLXrjtTzUSFiekGM= =pDpi -----END PGP SIGNATURE-----
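
Review bot: In fix-buffer-overflow-in-record_CW.patch (x11vnc/xrecord.c, hunk at line 964), the new loop bound `i < req->length - sz_xConfigureWindowReq / 4 && i < 4` hard-codes the literal 4 without the hunk showing what it corresponds to, and the subtraction is only meaningful when `req->length` is at least `sz_xConfigureWindowReq / 4`. Suggest replacing the literal with a named constant or the element count of whatever the loop body fills, and computing the number of trailing values once before the loop with an explicit check that the request is long enough, so the bound does not depend on the signedness of `i`. The patch file also starts directly at its `---`/`+++` lines with no description or origin header, so a reader cannot tell from the file which upstream commit it was taken from.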
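
Review bot: In fix-buffer-overflow-in-snapshot_stack_list.patch (x11vnc/win_utils.c, hunk at line 262), the new condition `num + stack_list_len > blackouts` looks like it has its operands transposed. The block allocates `n = 2 * (num + blackouts)` entries and sets `stack_list_len = n`, so for non-negative `num` the length is already at least twice `blackouts` after the first allocation and the test is true on practically every later call, which frees and reallocates the list each time. That does keep the buffer large enough, but if the intent is to grow only when the required `num + blackouts` entries exceed the current capacity, the test would be `num + blackouts > stack_list_len`. The visible lines also store the `malloc` result without a NULL check; worth confirming it is checked after the end of the hunk.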