Bug#1111835: bookworm-pu: package libfcgi/2.4.2-2+deb12u1

Fri, 22 Aug 2025 10:07:06 -0700 

Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:libfcgi
User: [email protected]
Usertags: pu

Low impact security issue, debdiff below.

Cheers,
        Moritz

diff -Nru libfcgi-2.4.2/debian/changelog libfcgi-2.4.2/debian/changelog
--- libfcgi-2.4.2/debian/changelog      2020-01-01 01:00:01.000000000 +0100
+++ libfcgi-2.4.2/debian/changelog      2025-05-26 20:18:11.000000000 +0200
@@ -1,3 +1,9 @@
+libfcgi (2.4.2-2+deb12u1) bookworm; urgency=medium
+
+  * CVE-2025-23016 (Closes: #1092774)
+
+ -- Moritz Mühlenhoff <[email protected]>  Mon, 26 May 2025 20:18:11 +0200
+
 libfcgi (2.4.2-2) unstable; urgency=medium
 
   * Move to unstable: no changes required.
diff -Nru libfcgi-2.4.2/debian/patches/CVE-2025-23016.patch 
libfcgi-2.4.2/debian/patches/CVE-2025-23016.patch
--- libfcgi-2.4.2/debian/patches/CVE-2025-23016.patch   1970-01-01 
01:00:00.000000000 +0100
+++ libfcgi-2.4.2/debian/patches/CVE-2025-23016.patch   2025-05-26 
20:18:05.000000000 +0200
@@ -0,0 +1,29 @@
+From b0eabcaf4d4f371514891a52115c746815c2ff15 Mon Sep 17 00:00:00 2001
+From: Pycatchown <[email protected]>
+Date: Tue, 8 Apr 2025 17:39:30 +0200
+Subject: [PATCH] Update fcgiapp.c
+
+--- libfcgi-2.4.2.orig/libfcgi/fcgiapp.c
++++ libfcgi-2.4.2/libfcgi/fcgiapp.c
+@@ -1173,6 +1173,10 @@ static int ReadParams(Params *paramsPtr,
+           }
+             nameLen = ((nameLen & 0x7f) << 24) + (lenBuff[0] << 16)
+                     + (lenBuff[1] << 8) + lenBuff[2];
++          if (nameLen >= INT_MAX) {
++                SetError(stream, FCGX_PARAMS_ERROR);
++                return -1;
++          }
+         }
+         if((valueLen = FCGX_GetChar(stream)) == EOF) {
+             SetError(stream, FCGX_PARAMS_ERROR);
+@@ -1185,6 +1189,10 @@ static int ReadParams(Params *paramsPtr,
+           }
+             valueLen = ((valueLen & 0x7f) << 24) + (lenBuff[0] << 16)
+                     + (lenBuff[1] << 8) + lenBuff[2];
++          if (valueLen >= INT_MAX) {
++                SetError(stream, FCGX_PARAMS_ERROR);
++                return -1;
++          }
+         }
+         /*
+          * nameLen and valueLen are now valid; read the name and value
diff -Nru libfcgi-2.4.2/debian/patches/series 
libfcgi-2.4.2/debian/patches/series
--- libfcgi-2.4.2/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ libfcgi-2.4.2/debian/patches/series 2025-05-26 20:17:51.000000000 +0200
@@ -0,0 +1 @@
+CVE-2025-23016.patch

Reply via email to