Your message dated Sun, 1 Mar 2015 01:50:15 +0100
with message-id <[email protected]>
and subject line Re: Bug#779466: unblock: e2fsprogs/1.42.12-1.1
has caused the Debian Bug report #779466,
regarding unblock: e2fsprogs/1.42.12-1.1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
779466: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779466
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
package: release.debian.org
user: [email protected]
usertags: unblock
severity: normal
x-debbugs-cc: [email protected]
Please consider unblocking e2fsprogs. A security issue is fixed.
unblock e2fsprogs/1.42.12-1.1
unblock-udeb e2fsprogs/1.42.12-1.1
diff -Nru e2fsprogs-1.42.12/debian/changelog e2fsprogs-1.42.12/debian/changelog
--- e2fsprogs-1.42.12/debian/changelog 2014-08-29 12:51:13.000000000 +0000
+++ e2fsprogs-1.42.12/debian/changelog 2015-02-22 02:18:20.000000000 +0000
@@ -1,3 +1,10 @@
+e2fsprogs (1.42.12-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fix CVE-2015-1572: incomplete fix for CVE-2015-0247 (closes: #778948).
+
+ -- Michael Gilbert <[email protected]> Sun, 22 Feb 2015 01:50:57 +0000
+
e2fsprogs (1.42.12-1) unstable; urgency=low
* New upstream version
diff -Nru e2fsprogs-1.42.12/debian/patches/CVE-2015-1572.patch e2fsprogs-1.42.12/debian/patches/CVE-2015-1572.patch
--- e2fsprogs-1.42.12/debian/patches/CVE-2015-1572.patch 1970-01-01 00:00:00.000000000 +0000
+++ e2fsprogs-1.42.12/debian/patches/CVE-2015-1572.patch 2015-02-22 02:18:20.000000000 +0000
@@ -0,0 +1,48 @@
+From 49d0fe2a14f2a23da2fe299643379b8c1d37df73
+From: Theodore Ts'o <[email protected]>
+Date: Fri, 6 Feb 2015 12:46:39 -0500
+Subject: libext2fs: fix potential buffer overflow in closefs()
+
+The bug fix in f66e6ce4446: "libext2fs: avoid buffer overflow if
+s_first_meta_bg is too big" had a typo in the fix for
+ext2fs_closefs(). In practice most of the security exposure was from
+the openfs path, since this meant if there was a carefully crafted
+file system, buffer overrun would be triggered when the file system was
+opened.
+
+However, if corrupted file system didn't trip over some corruption
+check, and then the file system was modified via tune2fs or debugfs,
+such that the superblock was marked dirty and then written out via the
+closefs() path, it's possible that the buffer overrun could be
+triggered when the file system is closed.
+
+Also clear up a signed vs unsigned warning while we're at it.
+
+Thanks to Nick Kralevich <[email protected]> for asking me to look at
+compiler warning in the code in question, which led me to notice the
+bug in f66e6ce4446.
+
+Addresses: CVE-2015-1572
+
+Signed-off-by: Theodore Ts'o <[email protected]>
+
+--- a/lib/ext2fs/closefs.c
++++ b/lib/ext2fs/closefs.c
+@@ -287,7 +287,7 @@ errcode_t ext2fs_flush2(ext2_filsys fs, int flags)
+ dgrp_t j;
+ #endif
+ char *group_ptr;
+- int old_desc_blocks;
++ blk64_t old_desc_blocks;
+ struct ext2fs_numeric_progress_struct progress;
+
+ EXT2_CHECK_MAGIC(fs, EXT2_ET_MAGIC_EXT2FS_FILSYS);
+@@ -346,7 +346,7 @@ errcode_t ext2fs_flush2(ext2_filsys fs, int flags)
+ group_ptr = (char *) group_shadow;
+ if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) {
+ old_desc_blocks = fs->super->s_first_meta_bg;
+- if (old_desc_blocks > fs->super->s_first_meta_bg)
++ if (old_desc_blocks > fs->desc_blocks)
+ old_desc_blocks = fs->desc_blocks;
+ } else
+ old_desc_blocks = fs->desc_blocks;
diff -Nru e2fsprogs-1.42.12/debian/patches/series e2fsprogs-1.42.12/debian/patches/series
--- e2fsprogs-1.42.12/debian/patches/series 1970-01-01 00:00:00.000000000 +0000
+++ e2fsprogs-1.42.12/debian/patches/series 2015-02-22 02:18:20.000000000 +0000
@@ -0,0 +1 @@
+CVE-2015-1572.patch
--- End Message ---
--- Begin Message ---
On Sun, Mar 01, 2015 at 01:43:43AM +0100, Cyril Brulebois <[email protected]>
wrote:
> Control: tag -1 d-i confirmed
>
> Michael Gilbert <[email protected]> (2015-02-28):
> > package: release.debian.org
> > user: [email protected]
> > usertags: unblock
> > severity: normal
> > x-debbugs-cc: [email protected]
> >
> > Please consider unblocking e2fsprogs. A security issue is fixed.
> >
> > unblock e2fsprogs/1.42.12-1.1
> > unblock-udeb e2fsprogs/1.42.12-1.1
>
> No objections at first glance.
>
Thanks for the ack. I've added an unblock hint.
Regards,
--
Mehdi Dogguy
--- End Message ---
