Bug#895537: marked as done (stretch-pu: package libopenmpt/0.2.7386~beta20.3-3+deb9u3)

Sat, 10 Nov 2018 02:46:33 -0800 

Your message dated Sat, 10 Nov 2018 10:42:56 +0000
with message-id <[email protected]>
and subject line Closing bugs for updates included in 9.6
has caused the Debian Bug report #895537,
regarding stretch-pu: package libopenmpt/0.2.7386~beta20.3-3+deb9u3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
895537: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895537
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: release.debian.org
User: [email protected]
Usertags: pu
Tags: stretch
Severity: normal

Hi,

This fixes CVE-2018-10017 which is a security bug tagged as "no-DSA" by
the security team.

The fix is quite simple and looks correct to me. I've done some testing
to make sure things still work after this update.

Thanks,
James

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1,
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.15.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diff -Nru libopenmpt-0.2.7386~beta20.3/debian/changelog 
libopenmpt-0.2.7386~beta20.3/debian/changelog
--- libopenmpt-0.2.7386~beta20.3/debian/changelog       2017-07-15 
18:33:57.000000000 +0100
+++ libopenmpt-0.2.7386~beta20.3/debian/changelog       2018-04-12 
10:14:53.000000000 +0100
@@ -1,3 +1,10 @@
+libopenmpt (0.2.7386~beta20.3-3+deb9u3) stretch; urgency=medium
+
+  * Add patch to fix CVE-2018-10017 (Closes: #895406).
+    - up11: Out-of-bounds read loading IT / MO3 files with many pattern loops.
+
+ -- James Cowgill <[email protected]>  Thu, 12 Apr 2018 10:14:53 +0100
+
 libopenmpt (0.2.7386~beta20.3-3+deb9u2) stretch; urgency=medium
 
   * Add security patches (Closes: #867579).
diff -Nru libopenmpt-0.2.7386~beta20.3/debian/patches/series 
libopenmpt-0.2.7386~beta20.3/debian/patches/series
--- libopenmpt-0.2.7386~beta20.3/debian/patches/series  2017-07-15 
16:49:37.000000000 +0100
+++ libopenmpt-0.2.7386~beta20.3/debian/patches/series  2018-04-12 
10:13:10.000000000 +0100
@@ -6,3 +6,4 @@
 up6-invalid-memory-read-when-applying-nnas-to-effect-plugins.patch
 up8-out-of-bounds-read-plm.patch
 up10-heap-buffer-overflow-in-sample-loading-from-malformed-files-psm.patch
+up11-out-of-bounds-read-it-itp-mo3.patch
diff -Nru 
libopenmpt-0.2.7386~beta20.3/debian/patches/up11-out-of-bounds-read-it-itp-mo3.patch
 
libopenmpt-0.2.7386~beta20.3/debian/patches/up11-out-of-bounds-read-it-itp-mo3.patch
--- 
libopenmpt-0.2.7386~beta20.3/debian/patches/up11-out-of-bounds-read-it-itp-mo3.patch
        1970-01-01 01:00:00.000000000 +0100
+++ 
libopenmpt-0.2.7386~beta20.3/debian/patches/up11-out-of-bounds-read-it-itp-mo3.patch
        2018-04-12 10:14:53.000000000 +0100
@@ -0,0 +1,20 @@
+Description: Fix CVE-2018-10017
+ See 
https://lib.openmpt.org/libopenmpt/2018/04/08/security-updates-0.3.8-0.2-beta31-0.2.7561-beta20.5-p8-0.2.7386-beta20.3-p11/
+ Fix possible out-of-bounds memory read with IT and MO3 files containing many
+ nested pattern loops.
+Origin: upstream, 
https://source.openmpt.org/browse/openmpt?op=revision&rev=10042
+Bug-Debian: https://bugs.debian.org/895406
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/soundlib/Snd_fx.cpp
++++ b/soundlib/Snd_fx.cpp
+@@ -1042,7 +1042,8 @@ std::vector<GetLengthType> CSoundFile::G
+                       if(GetType() == MOD_TYPE_IT)
+                       {
+                               // IT pattern loop start row update - at the 
end of a pattern loop, set pattern loop start to next row (for upcoming pattern 
loops with missing SB0)
+-                              for(CHANNELINDEX nChn = 0; nChn < 
GetNumChannels(); nChn++)
++                              pChn = memory.state.Chn;
++                              for(CHANNELINDEX nChn = 0; nChn < 
GetNumChannels(); nChn++, pChn++)
+                               {
+                                       if((pChn->rowCommand.command == 
CMD_S3MCMDEX && pChn->rowCommand.param >= 0xB1 && pChn->rowCommand.param <= 
0xBF))
+                                       {

Attachment: signature.asc
Description: OpenPGP digital signature


--- End Message ---
--- Begin Message --- 
Version: 9.6

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam

--- End Message ---

Reply via email to