Your message dated Thu, 18 Apr 2019 13:26:00 +0000
with message-id <[email protected]>
and subject line Re: Bug#927360: unblock: dovecot/1:2.3.4.1-4
has caused the Debian Bug report #927360,
regarding unblock: dovecot/1:2.3.4.1-4
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
927360: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927360
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Please unblock package dovecot
Dovecot 1:2.3.4.1-4, already in unstable, fixes a crash related to
processing of invalid external input. The issue is known as
CVE-2019-10691[1], and was fixed in the Debian package by backporting
the upstream fix.
Full source debdiff attached.
Regards,
Apollon
[1] https://dovecot.org/pipermail/dovecot/2019-April/115687.html
unblock dovecot/1:2.3.4.1-4
diff -Nru dovecot-2.3.4.1/debian/changelog dovecot-2.3.4.1/debian/changelog
--- dovecot-2.3.4.1/debian/changelog 2019-03-25 23:06:01.000000000 +0200
+++ dovecot-2.3.4.1/debian/changelog 2019-04-18 10:21:19.000000000 +0300
@@ -1,3 +1,9 @@
+dovecot (1:2.3.4.1-4) unstable; urgency=high
+
+ * [d04d4ba] Fix assert-crash in JSON encoder (CVE-2019-10691)
+
+ -- Apollon Oikonomopoulos <[email protected]> Thu, 18 Apr 2019 10:21:19
+0300
+
dovecot (1:2.3.4.1-3) unstable; urgency=high
* [07c9212] Fix two buffer overflows when reading oversized FTS headers
diff -Nru dovecot-2.3.4.1/debian/patches/CVE-2019-10691
dovecot-2.3.4.1/debian/patches/CVE-2019-10691
--- dovecot-2.3.4.1/debian/patches/CVE-2019-10691 1970-01-01
02:00:00.000000000 +0200
+++ dovecot-2.3.4.1/debian/patches/CVE-2019-10691 2019-04-18
10:21:19.000000000 +0300
@@ -0,0 +1,66 @@
+From 973769d74433de3c56c4ffdf4f343cb35d98e4f7 Mon Sep 17 00:00:00 2001
+From: Aki Tuomi <[email protected]>
+Date: Tue, 2 Apr 2019 13:09:48 +0300
+Subject: [PATCH 1/2] lib: json - Escape invalid UTF-8 as unicode bytes
+
+This prevents dovecot from crashing if invalid UTF-8 input
+is given.
+---
+ src/lib/json-parser.c | 12 ++++++++----
+ src/lib/test-json-parser.c | 8 ++++----
+ 2 files changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/src/lib/json-parser.c b/src/lib/json-parser.c
+index 677091d64..e7846a329 100644
+--- a/src/lib/json-parser.c
++++ b/src/lib/json-parser.c
+@@ -803,9 +803,13 @@ void json_append_escaped_data(string_t *dest, const
unsigned char *src, size_t s
+
+ for (i = 0; i < size;) {
+ bytes = uni_utf8_get_char_n(src+i, size-i, &chr);
+- /* refuse to add invalid data */
+- i_assert(bytes > 0 && uni_is_valid_ucs4(chr));
+- json_append_escaped_ucs4(dest, chr);
+- i += bytes;
++ if (bytes > 0 && uni_is_valid_ucs4(chr)) {
++ json_append_escaped_ucs4(dest, chr);
++ i += bytes;
++ } else {
++ str_append_data(dest, UNICODE_REPLACEMENT_CHAR_UTF8,
++ UTF8_REPLACEMENT_CHAR_LEN);
++ i++;
++ }
+ }
+ }
+diff --git a/src/lib/test-json-parser.c b/src/lib/test-json-parser.c
+index bae6fb202..9ce1e489b 100644
+--- a/src/lib/test-json-parser.c
++++ b/src/lib/test-json-parser.c
+@@ -267,20 +267,20 @@ static void test_json_append_escaped(void)
+ string_t *str = t_str_new(32);
+
+ test_begin("json_append_escaped()");
+- json_append_escaped(str,
"\b\f\r\n\t\"\\\001\002-\xC3\xA4\xf0\x90\x90\xb7");
+- test_assert(strcmp(str_c(str),
"\\b\\f\\r\\n\\t\\\"\\\\\\u0001\\u0002-\\u00e4\\ud801\\udc37") == 0);
++ json_append_escaped(str,
"\b\f\r\n\t\"\\\001\002-\xC3\xA4\xf0\x90\x90\xb7\xff");
++ test_assert(strcmp(str_c(str),
"\\b\\f\\r\\n\\t\\\"\\\\\\u0001\\u0002-\\u00e4\\ud801\\udc37"
UNICODE_REPLACEMENT_CHAR_UTF8) == 0);
+ test_end();
+ }
+
+ static void test_json_append_escaped_data(void)
+ {
+ static const unsigned char test_input[] =
+- "\b\f\r\n\t\"\\\000\001\002-\xC3\xA4\xf0\x90\x90\xb7";
++ "\b\f\r\n\t\"\\\000\001\002-\xC3\xA4\xf0\x90\x90\xb7\xff";
+ string_t *str = t_str_new(32);
+
+ test_begin("json_append_escaped()");
+ json_append_escaped_data(str, test_input, sizeof(test_input)-1);
+- test_assert(strcmp(str_c(str),
"\\b\\f\\r\\n\\t\\\"\\\\\\u0000\\u0001\\u0002-\\u00e4\\ud801\\udc37") == 0);
++ test_assert(strcmp(str_c(str),
"\\b\\f\\r\\n\\t\\\"\\\\\\u0000\\u0001\\u0002-\\u00e4\\ud801\\udc37"
UNICODE_REPLACEMENT_CHAR_UTF8) == 0);
+ test_end();
+ }
+
+--
+2.11.0
+
diff -Nru dovecot-2.3.4.1/debian/patches/series
dovecot-2.3.4.1/debian/patches/series
--- dovecot-2.3.4.1/debian/patches/series 2019-03-25 23:06:01.000000000
+0200
+++ dovecot-2.3.4.1/debian/patches/series 2019-04-18 10:21:19.000000000
+0300
@@ -10,4 +10,5 @@
lib-master-test-event-stats-Use-PRIu64-format.patch
avoid-double-closing-mysql.patch
CVE-2019-7524
+CVE-2019-10691
debian-changes
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Apollon Oikonomopoulos:
> Package: release.debian.org
> Severity: normal
> User: [email protected]
> Usertags: unblock
>
> Please unblock package dovecot
>
> Dovecot 1:2.3.4.1-4, already in unstable, fixes a crash related to
> processing of invalid external input. The issue is known as
> CVE-2019-10691[1], and was fixed in the Debian package by backporting
> the upstream fix.
>
> Full source debdiff attached.
>
> Regards,
> Apollon
>
> [1] https://dovecot.org/pipermail/dovecot/2019-April/115687.html
>
> unblock dovecot/1:2.3.4.1-4
>
Unblocked, thanks.
~Niels
--- End Message ---
