Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian....@packages.debian.org
Usertags: pu

Hello. Security team tells me this does not deserve a DSA but it's ok
for stable-proposed-updates.

(I know it's a little bit late for 9.8. Sorry for that, and no problem
if this is for 9.9 instead).

Debdiff below.

Thanks.

diff -Nru unzip-6.0/debian/changelog unzip-6.0/debian/changelog
--- unzip-6.0/debian/changelog  2016-12-11 21:03:30.000000000 +0100
+++ unzip-6.0/debian/changelog  2019-02-10 20:53:00.000000000 +0100
@@ -1,3 +1,10 @@
+unzip (6.0-21+deb9u1) stretch; urgency=medium
+
+  * Fix buffer overflow in password protected ZIP archives. Closes: #889838.
+    Patch borrowed from SUSE. For reference, this is CVE-2018-1000035.
+
+ -- Santiago Vila <sanv...@debian.org>  Sun, 10 Feb 2019 20:53:00 +0100
+
 unzip (6.0-21) unstable; urgency=medium
 
   * Rename all debian/patches/* to have .patch ending.
diff -Nru unzip-6.0/debian/patches/20-cve-2018-1000035-unzip-buffer-overflow.patch unzip-6.0/debian/patches/20-cve-2018-1000035-unzip-buffer-overflow.patch
--- unzip-6.0/debian/patches/20-cve-2018-1000035-unzip-buffer-overflow.patch    1970-01-01 01:00:00.000000000 +0100
+++ unzip-6.0/debian/patches/20-cve-2018-1000035-unzip-buffer-overflow.patch    2019-02-10 20:53:00.000000000 +0100
@@ -0,0 +1,35 @@
+From: Karol Babioch <kbabi...@suse.com>
+Subject: Fix buffer overflow in password protected zip archives
+Bug-Debian: https://bugs.debian.org/889838
+Origin: https://bugzilla.novell.com/attachment.cgi?id=759406
+
+--- a/fileio.c
++++ b/fileio.c
+@@ -1582,6 +1582,10 @@
+     int r = IZ_PW_ENTERED;
+     char *m;
+     char *prompt;
++    char *zfnf;
++    char *efnf;
++    size_t zfnfl;
++    int isOverflow;
+ 
+ #ifndef REENTRANT
+     /* tell picky compilers to shut up about "unused variable" warnings */
+@@ -1590,7 +1594,15 @@
+ 
+     if (*rcnt == 0) {           /* First call for current entry */
+         *rcnt = 2;
+-        if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
++        zfnf = FnFilter1(zfn);
++        efnf = FnFilter2(efn);
++        zfnfl = strlen(zfnf);
++        isOverflow = TRUE;
++        if (2*FILNAMSIZ >= zfnfl && (2*FILNAMSIZ - zfnfl) >= strlen(efnf))
++        {
++              isOverflow = FALSE;
++        }
+        if ((isOverflow == FALSE) && ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL)) {
+             sprintf(prompt, LoadFarString(PasswPrompt),
+                     FnFilter1(zfn), FnFilter2(efn));
+             m = prompt;
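Review bot: When the new length check fails, `prompt` is never assigned: it is declared without an initializer (`char *prompt;` in the first fileio.c hunk), and the `&&` in `if ((isOverflow == FALSE) && ((prompt = (char *)malloc(...` short-circuits before the assignment runs. The rest of the function lies outside the hunk; if it later tests or frees `prompt`, as this allocate-then-use pattern suggests, the overflow path would pass an indeterminate pointer to `free()`, so the fix for one memory-safety bug may introduce another. Adding `prompt = (char *)NULL;` before the test closes that off. Separately, the lengths are measured on `zfnf` and `efnf`, but `sprintf` re-evaluates `FnFilter1(zfn)` and `FnFilter2(efn)`; passing `zfnf, efnf` instead would keep the checked strings and the written strings the same.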
diff -Nru unzip-6.0/debian/patches/series unzip-6.0/debian/patches/series
--- unzip-6.0/debian/patches/series     2016-12-11 20:00:00.000000000 +0100
+++ unzip-6.0/debian/patches/series     2019-02-10 20:51:54.000000000 +0100
@@ -17,3 +17,4 @@
 17-restore-unix-timestamps-accurately.patch
 18-cve-2014-9913-unzip-buffer-overflow.patch
 19-cve-2016-9844-zipinfo-buffer-overflow.patch
+20-cve-2018-1000035-unzip-buffer-overflow.patch
