Your message dated Tue, 25 Jun 2019 17:34:15 +0000
with message-id <[email protected]>
and subject line unblock bzip2
has caused the Debian Bug report #931042,
regarding unblock: bzip2/1.0.6-9.1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
931042: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931042
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Hi,
Please unblock package bzip2, it fixes CVE-2019-12900 (tracked as
#930886) in the BTS itself.
> bzip2 (1.0.6-9.1) unstable; urgency=high
>
> * Non-maintainer upload.
> * Make sure nSelectors is not out of range (CVE-2019-12900)
> (Closes: #930886)
AFAICS autopkgtest runs are still running, so we might want to wait
for the results before a possible unblock?
unblock bzip2/1.0.6-9.1
Regards,
Salvatore
diff -Nru bzip2-1.0.6/debian/changelog bzip2-1.0.6/debian/changelog
--- bzip2-1.0.6/debian/changelog 2018-08-14 21:28:22.000000000 +0200
+++ bzip2-1.0.6/debian/changelog 2019-06-24 22:15:37.000000000 +0200
@@ -1,3 +1,11 @@
+bzip2 (1.0.6-9.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Make sure nSelectors is not out of range (CVE-2019-12900)
+ (Closes: #930886)
+
+ -- Salvatore Bonaccorso <[email protected]> Mon, 24 Jun 2019 22:15:37 +0200
+
bzip2 (1.0.6-9) unstable; urgency=medium
[ Santiago Ruano Rincón ]
diff -Nru
bzip2-1.0.6/debian/patches/Make-sure-nSelectors-is-not-out-of-range.patch
bzip2-1.0.6/debian/patches/Make-sure-nSelectors-is-not-out-of-range.patch
--- bzip2-1.0.6/debian/patches/Make-sure-nSelectors-is-not-out-of-range.patch
1970-01-01 01:00:00.000000000 +0100
+++ bzip2-1.0.6/debian/patches/Make-sure-nSelectors-is-not-out-of-range.patch
2019-06-24 22:15:37.000000000 +0200
@@ -0,0 +1,34 @@
+From: Albert Astals Cid <[email protected]>
+Date: Tue, 28 May 2019 19:35:18 +0200
+Subject: Make sure nSelectors is not out of range
+Origin:
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-12900
+Bug-Debian: https://bugs.debian.org/930886
+
+nSelectors is used in a loop from 0 to nSelectors to access selectorMtf
+which is
+ UChar selectorMtf[BZ_MAX_SELECTORS];
+so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory
+access
+
+Fixes out of bounds access discovered while fuzzying karchive
+---
+ decompress.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/decompress.c b/decompress.c
+index ab6a624db17a..f3db91d14f6e 100644
+--- a/decompress.c
++++ b/decompress.c
+@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s )
+ GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
+ if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
+ GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
+- if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
++ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS)
RETURN(BZ_DATA_ERROR);
+ for (i = 0; i < nSelectors; i++) {
+ j = 0;
+ while (True) {
+--
+2.20.1
+
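Review bot: the new upper bound on nSelectors in BZ2_decompress (the changed line after GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15)) comes with no regression test; the embedded patch touches one line of decompress.c and nothing else. The description says selectorMtf holds BZ_MAX_SELECTORS entries and the loop runs from 0 to nSelectors, so the `>` comparison is the right boundary, but a 15-bit field read from the input can still exceed that constant, and every such stream now ends in BZ_DATA_ERROR. Add a test input with an oversized selector count that asserts BZ_DATA_ERROR, and confirm against the full decompress.c that no use of nSelectors outside the context shown assumes a different limit. Separately, in this mail the added line is wrapped so that "RETURN(BZ_DATA_ERROR);" sits on its own line without the "+" prefix; attaching the debdiff instead of inlining it would keep the hunk applicable as sent.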
diff -Nru bzip2-1.0.6/debian/patches/series bzip2-1.0.6/debian/patches/series
--- bzip2-1.0.6/debian/patches/series 2018-08-13 13:29:27.000000000 +0200
+++ bzip2-1.0.6/debian/patches/series 2019-06-24 22:15:37.000000000 +0200
@@ -7,3 +7,4 @@
bzip2recover-CVE-2016-3189.patch
bzdiff-tmpdir-spaces.diff
40-bzdiff-l.patch
+Make-sure-nSelectors-is-not-out-of-range.patch
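Review bot: the new series entry does not carry the CVE id in its file name, unlike bzip2recover-CVE-2016-3189.patch in the context lines of this hunk. Naming it with CVE-2019-12900 would make the security fix easier to find in debian/patches; the position at the end of the series looks fine since nothing after it depends on ordering.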
--- End Message ---
--- Begin Message ---
Unblocked bzip2.
--- End Message ---