Your message dated Sun, 30 Nov 2014 17:06:49 +0000
with message-id <[email protected]>
and subject line Re: Bug#771552: unblock: tcpdump/4.6.2-3
has caused the Debian Bug report #771552,
regarding unblock: tcpdump/4.6.2-3
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
771552: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771552
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Dear Release Team,
Please unblock tcpdump 4.6.2-3, it fixes a security vulnerability in the
PPP dissector known as CVE-2014-9140.
Full debdiff attached
unblock tcpdump/4.6.2-3
diffstat for tcpdump-4.6.2 tcpdump-4.6.2
changelog | 7 +++++
patches/60_cve-2014-9140.diff | 50 ++++++++++++++++++++++++++++++++++++++++++
patches/series | 1
3 files changed, 58 insertions(+)
diff -Nru tcpdump-4.6.2/debian/changelog tcpdump-4.6.2/debian/changelog
--- tcpdump-4.6.2/debian/changelog 2014-11-22 11:48:11.000000000 +0100
+++ tcpdump-4.6.2/debian/changelog 2014-11-29 12:24:11.000000000 +0100
@@ -1,3 +1,10 @@
+tcpdump (4.6.2-3) unstable; urgency=high
+
+ * Cherry-pick commit 0f95d441e4 from upstream Git to fix a buffer overflow
+ in the PPP dissector (CVE-2014-9140).
+
+ -- Romain Francoise <[email protected]> Sat, 29 Nov 2014 12:23:53 +0100
+
tcpdump (4.6.2-2) unstable; urgency=high
* Urgency high due to security fixes.
diff -Nru tcpdump-4.6.2/debian/patches/60_cve-2014-9140.diff tcpdump-4.6.2/debian/patches/60_cve-2014-9140.diff
--- tcpdump-4.6.2/debian/patches/60_cve-2014-9140.diff 1970-01-01 01:00:00.000000000 +0100
+++ tcpdump-4.6.2/debian/patches/60_cve-2014-9140.diff 2014-11-29 12:15:29.000000000 +0100
@@ -0,0 +1,50 @@
+commit 0f95d441e4b5d7512cc5c326c8668a120e048eda
+Author: Guy Harris <[email protected]>
+Date: Wed Oct 22 12:31:21 2014 -0700
+
+ Do bounds checking when unescaping PPP.
+
+ Clean up a const issue while we're at it.
+
+diff --git a/print-ppp.c b/print-ppp.c
+index 8e098f0..9a983e6 100644
+--- a/print-ppp.c
++++ b/print-ppp.c
+@@ -1351,14 +1351,15 @@ static void
+ ppp_hdlc(netdissect_options *ndo,
+ const u_char *p, int length)
+ {
+- u_char *b, *s, *t, c;
++ u_char *b, *t, c;
++ const u_char *s;
+ int i, proto;
+ const void *se;
+
+ if (length <= 0)
+ return;
+
+- b = (uint8_t *)malloc(length);
++ b = (u_char *)malloc(length);
+ if (b == NULL)
+ return;
+
+@@ -1367,14 +1368,13 @@ ppp_hdlc(netdissect_options *ndo,
+ * Do this so that we dont overwrite the original packet
+ * contents.
+ */
+- for (s = (u_char *)p, t = b, i = length; i > 0; i--) {
++ for (s = p, t = b, i = length; i > 0 && ND_TTEST(*s); i--) {
+ c = *s++;
+ if (c == 0x7d) {
+- if (i > 1) {
+- i--;
+- c = *s++ ^ 0x20;
+- } else
+- continue;
++ if (i <= 1 || !ND_TTEST(*s))
++ break;
++ i--;
++ c = *s++ ^ 0x20;
+ }
+ *t++ = c;
+ }
diff -Nru tcpdump-4.6.2/debian/patches/series tcpdump-4.6.2/debian/patches/series
--- tcpdump-4.6.2/debian/patches/series 2014-11-22 11:38:26.000000000 +0100
+++ tcpdump-4.6.2/debian/patches/series 2014-11-29 12:19:11.000000000 +0100
@@ -7,3 +7,4 @@
60_cve-2014-8767.diff
60_cve-2014-8768.diff
60_cve-2014-8769.diff
+60_cve-2014-9140.diff
--- End Message ---
--- Begin Message ---
On Sun, 2014-11-30 at 17:56 +0100, Romain Francoise wrote:
> Please unblock tcpdump 4.6.2-3, it fixes a security vulnerability in the
> PPP dissector known as CVE-2014-9140.
Unblocked.
Regards,
Adam
--- End Message ---
