Your message dated Sat, 23 Feb 2013 11:56:55 +0000
with message-id <[email protected]>
and subject line Closing p-u bugs included in point release
has caused the Debian Bug report #698621,
regarding pu: package swath/0.4.0-4
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
698621: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698621
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: pu
swath has got a trivial security fix, addressing Bug #698189, which the
security team considers trivial enough to upload to stable-proposed-updates.
(See the quoted conversation below.)
The prepared upload can be found here:
http://linux.thai.net/~thep/debs/swath-squeeze/swath_0.4.0-4+squeeze1.dsc
The debdiff is also attached for your review.
On Mon, Jan 21, 2013 at 4:14 PM, Yves-Alexis Perez <[email protected]> wrote:
> On lun., 2013-01-21 at 15:56 +0700, Theppitak Karoonboonyanan wrote:
>> Dear security team,
>>
>> I have received a report of a potential buffer overflow vulnerability
>> in swath, which allows shell injection via a long command-line argument:
>>
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698189
>>
>> The exploit is not known yet, but the report is already public
>> (in the bug log).
>>
>> Both stable (0.4.0-4) and testing/unstable (0.4.3-2) versions are
>> affected.
>>
>> For testing/unstable, the fix has been uploaded (0.4.3-3).
>> For stable, I have prepared the deb for your review here:
>>
>> http://linux.thai.net/~thep/debs/swath-squeeze/swath_0.4.0-4+squeeze1.dsc
>>
>> The debdiff is also attached.
>
> Thanks for the report. It doesn't look bad enough to warrant a DSA imho.
> Can you please ask release team for a stable upload? I'll contact
> oss-sec to have a CVE assigned.
>
> Regards,
> --
> Yves-Alexis
-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=th_TH.utf8, LC_CTYPE=th_TH.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru swath-0.4.0/debian/changelog swath-0.4.0/debian/changelog
--- swath-0.4.0/debian/changelog 2010-01-14 15:24:18.000000000 +0700
+++ swath-0.4.0/debian/changelog 2013-01-21 16:26:19.000000000 +0700
@@ -1,3 +1,11 @@
+swath (0.4.0-4+squeeze1) stable; urgency=high
+
+ * debian/patches/01_buffer-overflow.patch: backport patch from upstream
+ to fix potential buffer overflow in Mule mode.
+ Thanks Dominik Maier for the report. (Closes: #698189)
+
+ -- Theppitak Karoonboonyanan <[email protected]> Mon, 21 Jan 2013 15:03:30
+0700
+
swath (0.4.0-4) unstable; urgency=low
* debian/rules: Fix failure to build twice in a row:
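Review bot: the new changelog entry records "(Closes: #698189)" but no CVE identifier, while the quoted exchange above says one was being requested from oss-sec; once it is assigned, add the CVE id to this entry (and to the patch header's Description) so the stable security tracker can match the fix to the advisory.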
diff -Nru swath-0.4.0/debian/patches/01_buffer-overflow.patch
swath-0.4.0/debian/patches/01_buffer-overflow.patch
--- swath-0.4.0/debian/patches/01_buffer-overflow.patch 1970-01-01
07:00:00.000000000 +0700
+++ swath-0.4.0/debian/patches/01_buffer-overflow.patch 2013-01-21
16:26:19.000000000 +0700
@@ -0,0 +1,22 @@
+Author: Theppitak Karoonboonyanan <[email protected]>
+Description: Fix potential buffer overflow
+Origin: backport,
http://linux.thai.net/websvn/wsvn/software.swath/trunk?op=revision&rev=238&peg=238
+Bug-Debian: http://bugs.debian.org/698189
+
+Index: swath/src/wordseg.cpp
+===================================================================
+--- swath.orig/src/wordseg.cpp 2013-01-21 13:19:24.261886743 +0700
++++ swath/src/wordseg.cpp 2013-01-21 13:20:31.693890376 +0700
+@@ -253,11 +253,7 @@
+ }
+ delete FltX;
+ }else{
+- char stopstr[20];
+- if (muleMode)
+- strcpy(stopstr,wbr);
+- else
+- stopstr[0]='\0';
++ const char *stopstr = muleMode ? wbr : "";
+ for (;;) { // read until end of file.
+ if (mode == 0) printf("Input : ");
+ for (i = 0; ((c = fgetc(tmpin)) != '\n')
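Review bot: replacing the 20-byte `stopstr` array with `const char *stopstr = muleMode ? wbr : "";` removes the unbounded `strcpy(stopstr,wbr)` and with it the overflow, but `stopstr` now aliases `wbr` instead of holding its own copy; confirm that `wbr` stays valid and unmodified for the whole `for (;;)` read loop that follows, and that nothing later in this function writes through `stopstr`, which is now `const` (the hunk shows only the declaration and the first lines of the loop).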
diff -Nru swath-0.4.0/debian/patches/series swath-0.4.0/debian/patches/series
--- swath-0.4.0/debian/patches/series 1970-01-01 07:00:00.000000000 +0700
+++ swath-0.4.0/debian/patches/series 2013-01-21 16:26:19.000000000 +0700
@@ -0,0 +1 @@
+01_buffer-overflow.patch
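Review bot: `series` is created from scratch here (the `---` side is dated 1970-01-01), so the stable package carried no quilt patches before this upload; make sure the 0.4.0-4+squeeze1 build actually applies debian/patches/series (a 3.0 (quilt) source format or an explicit quilt step in debian/rules), otherwise 01_buffer-overflow.patch ships in the source package but the fix never reaches the compiled wordseg.cpp. A build log showing the patch being applied would settle it.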
--- End Message ---
--- Begin Message ---
Version: 6.0.7
Hi,
The package discussed in each of these bugs was added to stable as part
of today's point release.
Regards,
Adam
--- End Message ---