Package: release.debian.org Severity: normal Tags: bookworm User: [email protected] Usertags: pu X-Debbugs-Cc: [email protected] Control: affects -1 + src:exfatprogs
[ Reason ] https://security-tracker.debian.org/tracker/CVE-2023-45897 Low priority security issue, out-of-bounds memory access in the exFAT fsck utility exfat2img helper. [ Impact ] Low priority security issue is fixed. [ Tests ] Manual tests performed that effected tools still work. [ Risks ] - [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X] the issue is verified as fixed in unstable [ Changes ] Adds a patch bundling the three upstream commits which are referenced together with the CVE ID. gbp.conf and Vcs-Git reference the bookworm branch [ Other info ] There wasn't a bug filled for this CVE in the BTS. The regular upload of 1.2.2 to unstable fixed the issue before the CVE ID was published, so there is not yet a CVE ID mentioned in the unstable changelog.
diff -Nru exfatprogs-1.2.0/debian/changelog exfatprogs-1.2.0/debian/changelog --- exfatprogs-1.2.0/debian/changelog 2022-10-28 14:48:05.000000000 +0200 +++ exfatprogs-1.2.0/debian/changelog 2023-11-04 17:56:01.000000000 +0100 @@ -1,3 +1,11 @@ +exfatprogs (1.2.0-1+deb12u1) bookworm; urgency=medium + + * CVE-2023-45897 Add debian/patches/CVE-2023-45897-out-of-bounds-memory-access + to fix three out-of-bounds memory access issues. + * Add bookworm branch information to Vcs-Git and gbp.conf. + + -- Sven Hoexter <[email protected]> Sat, 04 Nov 2023 17:56:01 +0100 + exfatprogs (1.2.0-1) unstable; urgency=medium * New upstream release. diff -Nru exfatprogs-1.2.0/debian/control exfatprogs-1.2.0/debian/control --- exfatprogs-1.2.0/debian/control 2022-10-28 14:47:18.000000000 +0200 +++ exfatprogs-1.2.0/debian/control 2023-11-04 17:38:34.000000000 +0100 @@ -6,7 +6,7 @@ Standards-Version: 4.6.1 Rules-Requires-Root: no Homepage: https://github.com/exfatprogs/exfatprogs -Vcs-Git: https://git.sven.stormbind.net/exfatprogs.git +Vcs-Git: https://git.sven.stormbind.net/exfatprogs.git -b bookworm Vcs-Browser: https://git.sven.stormbind.net/?p=sven/exfatprogs.git Package: exfatprogs diff -Nru exfatprogs-1.2.0/debian/gbp.conf exfatprogs-1.2.0/debian/gbp.conf --- exfatprogs-1.2.0/debian/gbp.conf 2022-10-28 14:19:18.000000000 +0200 +++ exfatprogs-1.2.0/debian/gbp.conf 2023-11-04 16:39:40.000000000 +0100 @@ -1,2 +1,3 @@ [DEFAULT] pristine-tar = True +debian-branch = bookworm diff -Nru exfatprogs-1.2.0/debian/patches/CVE-2023-45897-out-of-bounds-memory-access exfatprogs-1.2.0/debian/patches/CVE-2023-45897-out-of-bounds-memory-access --- exfatprogs-1.2.0/debian/patches/CVE-2023-45897-out-of-bounds-memory-access 1970-01-01 01:00:00.000000000 +0100 +++ exfatprogs-1.2.0/debian/patches/CVE-2023-45897-out-of-bounds-memory-access 2023-11-04 16:39:40.000000000 +0100 @@ -0,0 +1,67 @@ +Description: CVE-2023-45897 out-of-bounds memory access +Origin: https://github.com/exfatprogs/exfatprogs/commit/ec78688e5fb5a70e13df82b4c0da1e6228d3ccdf + https://github.com/exfatprogs/exfatprogs/commit/22d0e43e8d24119cbfc6efafabb0dec6517a86c4 + https://github.com/exfatprogs/exfatprogs/commit/4abc55e976573991e6a1117bb2b3711e59da07ae +Last-Update: 2023-10-31 +Index: exfatprogs/exfat2img/exfat2img.c +=================================================================== +--- exfatprogs.orig/exfat2img/exfat2img.c ++++ exfatprogs/exfat2img/exfat2img.c +@@ -319,7 +319,7 @@ static int read_file_dentry_set(struct e + if (!node) + return -ENOMEM; + +- for (i = 2; i <= file_de->file_num_ext; i++) { ++ for (i = 2; i <= MIN(file_de->file_num_ext, 1 + MAX_NAME_DENTRIES); i++) { + ret = exfat_de_iter_get(iter, i, &dentry); + if (ret || dentry->type != EXFAT_NAME) + break; +Index: exfatprogs/fsck/fsck.c +=================================================================== +--- exfatprogs.orig/fsck/fsck.c ++++ exfatprogs/fsck/fsck.c +@@ -769,7 +769,7 @@ ask_again: + char *rename = NULL; + __u16 hash; + struct exfat_dentry *stream_de; +- int name_len, ret; ++ int ret; + + switch (num) { + case 1: +@@ -798,11 +798,11 @@ ask_again: + if (ret < 0) + return ret; + ++ ret >>=1; + memcpy(dentry->name_unicode, utf16_name, ENTRY_NAME_MAX * 2); +- name_len = exfat_utf16_len(utf16_name, ENTRY_NAME_MAX * 2); +- hash = exfat_calc_name_hash(iter->exfat, utf16_name, (int)name_len); ++ hash = exfat_calc_name_hash(iter->exfat, utf16_name, ret); + exfat_de_iter_get_dirty(iter, 1, &stream_de); +- stream_de->stream_name_len = (__u8)name_len; ++ stream_de->stream_name_len = (__u8)ret; + stream_de->stream_name_hash = cpu_to_le16(hash); + } + +@@ -856,7 +856,7 @@ static int read_file_dentry_set(struct e + if (!node) + return -ENOMEM; + +- for (i = 2; i <= file_de->file_num_ext; i++) { ++ for (i = 2; i <= MIN(file_de->file_num_ext, 1 + MAX_NAME_DENTRIES); i++) { + ret = exfat_de_iter_get(iter, i, &dentry); + if (ret || dentry->type != EXFAT_NAME) { + if (i > 2 && repair_file_ask(iter, NULL, ER_DE_NAME, +Index: exfatprogs/include/exfat_ondisk.h +=================================================================== +--- exfatprogs.orig/include/exfat_ondisk.h ++++ exfatprogs/include/exfat_ondisk.h +@@ -40,6 +40,7 @@ + /* exFAT allows 8388608(256MB) directory entries */ + #define MAX_EXFAT_DENTRIES 8388608 + #define MIN_FILE_DENTRIES 3 ++#define MAX_NAME_DENTRIES 17 + + /* dentry types */ + #define MSDOS_DELETED 0xE5 /* deleted mark */ diff -Nru exfatprogs-1.2.0/debian/patches/series exfatprogs-1.2.0/debian/patches/series --- exfatprogs-1.2.0/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ exfatprogs-1.2.0/debian/patches/series 2023-11-04 16:39:40.000000000 +0100 @@ -0,0 +1 @@ +CVE-2023-45897-out-of-bounds-memory-access
