Your message dated Wed, 01 Apr 2015 07:08:14 +0200
with message-id <[email protected]>
and subject line Re: Bug#781630: unblock: musl/1.1.5-2
has caused the Debian Bug report #781630,
regarding unblock: musl/1.1.5-2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
781630: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781630
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Please unblock package musl
this upload fixes an RC-bug #781497 (CVE-2015-1817).
Debdiff is attached.
unblock musl/1.1.5-2
Thanks
Anton
diff -Nru musl-1.1.5/debian/changelog musl-1.1.5/debian/changelog
--- musl-1.1.5/debian/changelog 2014-10-15 23:05:27.000000000 +0200
+++ musl-1.1.5/debian/changelog 2015-03-31 23:12:02.000000000 +0200
@@ -1,3 +1,9 @@
+musl (1.1.5-2) unstable; urgency=low
+
+ * Fixes possible stack-based buffer overflow CVE-2015-1817 (Closes: #781497)
+
+ -- Kevin Bortis <[email protected]> Tue, 31 Mar 2015 22:42:17 +0200
+
musl (1.1.5-1) unstable; urgency=low
[ Kevin Bortis ]
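Review bot: The new 1.1.5-2 entry is uploaded with urgency=low, although its only listed change is a fix for a stack-based buffer overflow that has a CVE id and closes an RC bug. Consider raising the urgency (medium or high) so that the migration delay matches the severity. The entry should also say which code is affected: the patch added below touches both src/network/inet_pton.c and src/regex/regcomp.c, and the changelog line mentions neither.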
diff -Nru musl-1.1.5/debian/patches/cve-2015-1817.diff musl-1.1.5/debian/patches/cve-2015-1817.diff
--- musl-1.1.5/debian/patches/cve-2015-1817.diff 1970-01-01 01:00:00.000000000 +0100
+++ musl-1.1.5/debian/patches/cve-2015-1817.diff 2015-03-31 23:20:03.000000000 +0200
@@ -0,0 +1,36 @@
+Description: Fixes possible stack-based buffer overflow CVE-2015-1817
+Author: Kevin Bortis <[email protected]>
+Bug-Debian: http://bugs.debian.org/781497
+Last-Update: 2015-03-31
+
+--- a/src/network/inet_pton.c
++++ b/src/network/inet_pton.c
+@@ -39,14 +39,15 @@
+ for (i=0; ; i++) {
+ if (s[0]==':' && brk<0) {
+ brk=i;
+- ip[i]=0;
++ ip[i&7]=0;
+ if (!*++s) break;
++ if (i==7) return 0;
+ continue;
+ }
+ for (v=j=0; j<4 && (d=hexval(s[j]))>=0; j++)
+ v=16*v+d;
+ if (j==0) return 0;
+- ip[i] = v;
++ ip[i&7] = v;
+ if (!s[j] && (brk>=0 || i==7)) break;
+ if (i==7) return 0;
+ if (s[j]!=':') {
+--- a/src/regex/regcomp.c
++++ b/src/regex/regcomp.c
+@@ -847,7 +847,7 @@
+ } else {
+ /* extension: accept unknown escaped char
+ as a literal */
+- node = tre_ast_new_literal(ctx->mem, *s, *s, ctx->position);
++ goto parse_literal;
+ }
+ ctx->position++;
+ }
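Review bot: The regcomp.c change at the end of cve-2015-1817.diff is not covered by the patch header, whose Description names only the stack-based buffer overflow CVE-2015-1817. Either move it into its own patch with its own Description or state in the header why it belongs to this fix. An Origin: field naming the upstream commit(s) would let the release team compare both changes against upstream. In that hunk the removed `tre_ast_new_literal(...)` call fell through to `ctx->position++;`, while `goto parse_literal;` now leaves the block. The label is outside the shown context, so it is worth confirming that the position is still advanced on that path. In inet_pton.c, the `ip[i&7]` masking depends on `ip` having eight elements, which the context does not show. A short comment noting that the mask only keeps the write in bounds, and that the added `if (i==7) return 0;` is what rejects the over-long input, would make the intent clear.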
diff -Nru musl-1.1.5/debian/patches/series musl-1.1.5/debian/patches/series
--- musl-1.1.5/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ musl-1.1.5/debian/patches/series 2015-03-31 23:11:32.000000000 +0200
@@ -0,0 +1 @@
+cve-2015-1817.diff
--- End Message ---
--- Begin Message ---
On 2015-04-01 00:08, Anton Gladky wrote:
> Package: release.debian.org
> Severity: normal
> User: [email protected]
> Usertags: unblock
>
> Please unblock package musl
>
> this upload fixes an RC-bug #781497 (CVE-2015-1817).
> Debdiff is attached.
>
>
> unblock musl/1.1.5-2
>
>
> Thanks
>
> Anton
>
Unblocked, thanks.
~Niels
--- End Message ---