Your message dated Sat, 10 Nov 2018 10:42:56 +0000
with message-id <1541846576.3542.38.ca...@adam-barratt.org.uk>
and subject line Closing bugs for updates included in 9.6
has caused the Debian Bug report #905712,
regarding stretch-pu: package x11vnc/0.9.13-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
905712: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905712
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian....@packages.debian.org
Usertags: pu

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stretch version of x11vnc has a couple of bugs that cause frequent
crashes, which renders package hardly usable on some archiutectures
(especially arm*).

There are several bug reports in BTS related to this issue, including
#851496, #859213.

In sid this is fixed in 0.9.13-6 version, by applying patches from
upstream.

In ubuntu it is patched as well.

I'm getting requests from users to get it fixed in stretch.
Thus I'm asking to upload the below debdiff to stretch.

Note that although bugs are formally buffer overflows, there is no known
way to exploit them, and security team decided not to issue DSA on this.


diff -Nru x11vnc-0.9.13/debian/changelog x11vnc-0.9.13/debian/changelog
- - --- x11vnc-0.9.13/debian/changelog      2016-12-21 17:59:50.000000000 +0300
+++ x11vnc-0.9.13/debian/changelog      2018-05-07 23:13:43.000000000 +0300
@@ -1,3 +1,9 @@
+x11vnc (0.9.13-2+deb9u1) stretch; urgency=medium
+
+  * Add two buffer overflow fixes from upstream. Closes: #851496, #859213.
+
+ -- Nikita Yushchenko <yo...@debian.org>  Mon, 07 May 2018 23:13:43 +0300
+
 x11vnc (0.9.13-2) unstable; urgency=medium
 
   * Add patches:
diff -Nru x11vnc-0.9.13/debian/patches/fix-buffer-overflow-in-record_CW.patch 
x11vnc-0.9.13/debian/patches/fix-buffer-overflow-in-record_CW.patch
- - --- x11vnc-0.9.13/debian/patches/fix-buffer-overflow-in-record_CW.patch 
1970-01-01 03:00:00.000000000 +0300
+++ x11vnc-0.9.13/debian/patches/fix-buffer-overflow-in-record_CW.patch 
2018-05-07 23:13:43.000000000 +0300
@@ -0,0 +1,11 @@
+--- a/x11vnc/xrecord.c
++++ b/x11vnc/xrecord.c
+@@ -964,7 +964,7 @@
+       data = (char *)req;
+       data += sz_xConfigureWindowReq;
+ 
+-      for (i=0; i<req->length; i++) {
++      for (i = 0; i < req->length - sz_xConfigureWindowReq / 4 && i < 4; i++) 
{
+               unsigned int v;
+               /*
+                * We use unsigned int for the values.  There were
diff -Nru 
x11vnc-0.9.13/debian/patches/fix-buffer-overflow-in-snapshot_stack_list.patch 
x11vnc-0.9.13/debian/patches/fix-buffer-overflow-in-snapshot_stack_list.patch
- - --- 
x11vnc-0.9.13/debian/patches/fix-buffer-overflow-in-snapshot_stack_list.patch   
    1970-01-01 03:00:00.000000000 +0300
+++ 
x11vnc-0.9.13/debian/patches/fix-buffer-overflow-in-snapshot_stack_list.patch   
    2018-05-07 23:13:43.000000000 +0300
@@ -0,0 +1,13 @@
+--- a/x11vnc/win_utils.c
++++ b/x11vnc/win_utils.c
+@@ -262,8 +262,8 @@
+       }
+ 
+       last_snap = now;
+-      if (num > stack_list_len + blackouts) {
+-              int n = 2*num;
++      if (num + stack_list_len > blackouts) {
++              int n = 2 * (num + blackouts);
+               free(stack_list);
+               stack_list = (winattr_t *) malloc(n*sizeof(winattr_t));
+               stack_list_len = n;
diff -Nru x11vnc-0.9.13/debian/patches/series 
x11vnc-0.9.13/debian/patches/series
- - --- x11vnc-0.9.13/debian/patches/series 2016-12-21 17:59:50.000000000 +0300
+++ x11vnc-0.9.13/debian/patches/series 2018-05-07 23:13:43.000000000 +0300
@@ -3,3 +3,5 @@
 10_usepkgconfig.diff
 do-not-run-dbus-launch.patch
 enforce-bash.patch
+fix-buffer-overflow-in-snapshot_stack_list.patch
+fix-buffer-overflow-in-record_CW.patch


- -- System Information:
Debian Release: 9.5
  APT prefers stable-updates
  APT policy: (650, 'stable-updates'), (650, 'stable'), (620, 'testing'), (600, 
'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-7-amd64 (SMP w/8 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE= 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

-----BEGIN PGP SIGNATURE-----

iG8EARECAC8WIQQZpQMQRPJ0qhZ2HP2/fHk6yRMt2wUCW2reuBEceW91c2hAZGVi
aWFuLm9yZwAKCRC/fHk6yRMt23CVAJ9/ros67MLQKMs4kfisZtJQY/VI9QCfVC0H
yckFmhKBLXrjtTzUSFiekGM=
=pDpi
-----END PGP SIGNATURE-----

--- End Message ---
--- Begin Message ---
Version: 9.6

Hi,

The update referenced by each of these bugs was included in this
morning's stretch point release.

Regards,

Adam

--- End Message ---

Reply via email to