Your message dated Sat, 27 Mar 2021 10:26:45 +0000
with message-id
<702e3cb8159c9986264e966af79023672688a8a4.ca...@adam-barratt.org.uk>
and subject line Closing p-u requests for fixes included in 10.9 point release
has caused the Debian Bug report #983918,
regarding buster-pu: package libbsd/0.9.1-2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
983918: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983918
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
User: [email protected]
Usertags: pu
Tags: buster
Severity: normal
CVE-2019-20367 (no DSA) has been fixed for stretch in 0.8.3-1+deb9u1 and
for bullseye, sid with version 0.10.0-1
Buster has been left out from the patches, and since the patch is
trivial, I propose to apply it for buster too
diff -Nru libbsd-0.9.1/debian/changelog libbsd-0.9.1/debian/changelog
--- libbsd-0.9.1/debian/changelog 2019-02-25 01:33:03.000000000 +0100
+++ libbsd-0.9.1/debian/changelog 2021-03-03 12:03:12.000000000 +0100
@@ -1,3 +1,12 @@
+libbsd (0.9.1-2+deb10u1) buster; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2019-20367
+ A non-NUL terminated symbol name in the string table might
+ result in a out-of-bounds read.
+
+ -- Gianfranco Costamagna <[email protected]> Wed, 03 Mar 2021
12:03:12 +0100
+
libbsd (0.9.1-2) unstable; urgency=medium
* Perform a proper and correct /usr-merge transition by moving the package
diff -Nru libbsd-0.9.1/debian/patches/CVE-2019-20367.patch
libbsd-0.9.1/debian/patches/CVE-2019-20367.patch
--- libbsd-0.9.1/debian/patches/CVE-2019-20367.patch 1970-01-01
01:00:00.000000000 +0100
+++ libbsd-0.9.1/debian/patches/CVE-2019-20367.patch 2021-03-03
12:00:40.000000000 +0100
@@ -0,0 +1,42 @@
+From 9d917aad37778a9f4a96ba358415f077f3f36f3b Mon Sep 17 00:00:00 2001
+From: Guillem Jover <[email protected]>
+Date: Wed, 7 Aug 2019 22:58:30 +0200
+Subject: [PATCH] nlist: Fix out-of-bounds read on strtab
+
+When doing a string comparison for a symbol name from the string table,
+we should make sure we do a bounded comparison, otherwise a non-NUL
+terminated string might make the code read out-of-bounds.
+
+Warned-by: coverity
+---
+ src/nlist.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/nlist.c b/src/nlist.c
+index 8aa46a2..228c220 100644
+--- a/src/nlist.c
++++ b/src/nlist.c
+@@ -227,16 +227,18 @@ __fdnlist(int fd, struct nlist *list)
+ symsize -= cc;
+ for (s = sbuf; cc > 0 && nent > 0; ++s, cc -= sizeof(*s)) {
+ char *name;
++ Elf_Word size;
+ struct nlist *p;
+
+ name = strtab + s->st_name;
+ if (name[0] == '\0')
+ continue;
++ size = symstrsize - s->st_name;
+
+ for (p = list; !ISLAST(p); p++) {
+ if ((p->n_un.n_name[0] == '_' &&
+- strcmp(name, p->n_un.n_name+1) == 0)
+- || strcmp(name, p->n_un.n_name) == 0) {
++ strncmp(name, p->n_un.n_name+1, size) ==
0) ||
++ strncmp(name, p->n_un.n_name, size) == 0) {
+ elf_sym_to_nlist(p, s, shdr,
+ ehdr.e_shnum);
+ if (--nent <= 0)
+--
+GitLab
+
diff -Nru libbsd-0.9.1/debian/patches/series libbsd-0.9.1/debian/patches/series
--- libbsd-0.9.1/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ libbsd-0.9.1/debian/patches/series 2021-03-03 12:01:48.000000000 +0100
@@ -0,0 +1 @@
+CVE-2019-20367.patch
diff -Nru libbsd-0.9.1/debian/changelog libbsd-0.9.1/debian/changelog
--- libbsd-0.9.1/debian/changelog 2019-02-25 01:33:03.000000000 +0100
+++ libbsd-0.9.1/debian/changelog 2021-03-03 12:03:12.000000000 +0100
@@ -1,3 +1,12 @@
+libbsd (0.9.1-2+deb10u1) buster; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2019-20367
+ A non-NUL terminated symbol name in the string table might
+ result in a out-of-bounds read.
+
+ -- Gianfranco Costamagna <[email protected]> Wed, 03 Mar 2021
12:03:12 +0100
+
libbsd (0.9.1-2) unstable; urgency=medium
* Perform a proper and correct /usr-merge transition by moving the package
diff -Nru libbsd-0.9.1/debian/patches/CVE-2019-20367.patch
libbsd-0.9.1/debian/patches/CVE-2019-20367.patch
--- libbsd-0.9.1/debian/patches/CVE-2019-20367.patch 1970-01-01
01:00:00.000000000 +0100
+++ libbsd-0.9.1/debian/patches/CVE-2019-20367.patch 2021-03-03
12:00:40.000000000 +0100
@@ -0,0 +1,42 @@
+From 9d917aad37778a9f4a96ba358415f077f3f36f3b Mon Sep 17 00:00:00 2001
+From: Guillem Jover <[email protected]>
+Date: Wed, 7 Aug 2019 22:58:30 +0200
+Subject: [PATCH] nlist: Fix out-of-bounds read on strtab
+
+When doing a string comparison for a symbol name from the string table,
+we should make sure we do a bounded comparison, otherwise a non-NUL
+terminated string might make the code read out-of-bounds.
+
+Warned-by: coverity
+---
+ src/nlist.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/nlist.c b/src/nlist.c
+index 8aa46a2..228c220 100644
+--- a/src/nlist.c
++++ b/src/nlist.c
+@@ -227,16 +227,18 @@ __fdnlist(int fd, struct nlist *list)
+ symsize -= cc;
+ for (s = sbuf; cc > 0 && nent > 0; ++s, cc -= sizeof(*s)) {
+ char *name;
++ Elf_Word size;
+ struct nlist *p;
+
+ name = strtab + s->st_name;
+ if (name[0] == '\0')
+ continue;
++ size = symstrsize - s->st_name;
+
+ for (p = list; !ISLAST(p); p++) {
+ if ((p->n_un.n_name[0] == '_' &&
+- strcmp(name, p->n_un.n_name+1) == 0)
+- || strcmp(name, p->n_un.n_name) == 0) {
++ strncmp(name, p->n_un.n_name+1, size) ==
0) ||
++ strncmp(name, p->n_un.n_name, size) == 0) {
+ elf_sym_to_nlist(p, s, shdr,
+ ehdr.e_shnum);
+ if (--nent <= 0)
+--
+GitLab
+
diff -Nru libbsd-0.9.1/debian/patches/series libbsd-0.9.1/debian/patches/series
--- libbsd-0.9.1/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ libbsd-0.9.1/debian/patches/series 2021-03-03 12:01:48.000000000 +0100
@@ -0,0 +1 @@
+CVE-2019-20367.patch
--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 10.9
Hi,
Each of the updates referenced in these bugs was included in the 10.9
point release today.
Regards,
Adam
--- End Message ---
