Bug#1014539: squirrel3: CVE-2022-30292
Hello,

Matthias Geiger wrote on 07/05/2024 at 00:05:36+0200:
> On Thu, 18 Apr 2024 14:40:58 +0200 Matthias Geiger wrote:
>
>> I have prepared a fix; however this needs the FTBFS in #997441
>> addressed first.
>>
>> Will attach a debdiff once that has happened.
>
> See attachment.
>
> best,

I've uploaded this debdiff in DELAYED/7. Please reach out if there's any issue.

Bests,
--
PEB

diff -Nru squirrel3-3.1/debian/changelog squirrel3-3.1/debian/changelog --- squirrel3-3.1/debian/changelog 2024-04-29 23:39:09.0 +0200 +++ squirrel3-3.1/debian/changelog 2024-05-13 14:59:34.0 +0200 @@ -1,3 +1,11 @@ +squirrel3 (3.1-8.2) unstable; urgency=medium + + * Non-maintainer upload. + * Cherry-pick upstream commit as 03-fix-buffer-overflow.diff +Closes: #1014539, CVE-2022-30292 + + -- Matthias Geiger Mon, 13 May 2024 14:59:34 +0200 + squirrel3 (3.1-8.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru squirrel3-3.1/debian/patches/03-fix-buffer-overflow.diff squirrel3-3.1/debian/patches/03-fix-buffer-overflow.diff --- squirrel3-3.1/debian/patches/03-fix-buffer-overflow.diff 1970-01-01 01:00:00.0 +0100 +++ squirrel3-3.1/debian/patches/03-fix-buffer-overflow.diff 2024-05-13 14:59:20.0 +0200 
@@ -0,0 +1,22 @@ +From a6413aa690e0bdfef648c68693349a7b878fe60d Mon Sep 17 00:00:00 2001 +From: Alberto Demichelis +Date: Mon, 2 May 2022 12:04:58 +0200 +Subject: [PATCH] fix in thread.call + +--- + squirrel/sqbaselib.cpp | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/squirrel/sqbaselib.cpp b/squirrel/sqbaselib.cpp +index 662aeac..e283900 100644 +--- a/squirrel/sqbaselib.cpp b/squirrel/sqbaselib.cpp +@@ -1012,6 +1012,7 @@ static SQInteger thread_call(HSQUIRRELVM v) + SQObjectPtr o = stack_get(v,1); + if(type(o) == OT_THREAD) { + SQInteger nparams = sq_gettop(v); ++sq_reservestack(_thread(o), nparams + 3); + _thread(o)->Push(_thread(o)->_roottable); + for(SQInteger i = 2; i<(nparams+1); i++) + sq_move(_thread(o),v,i); + diff -Nru squirrel3-3.1/debian/patches/series squirrel3-3.1/debian/patches/series --- squirrel3-3.1/debian/patches/series 2024-04-29 23:33:43.0 +0200 +++ squirrel3-3.1/debian/patches/series 2024-05-13 14:59:20.0 +0200 @@ -1,2 +1,3 @@ 01-fix-spelling-errors.patch 02-sphinx-ext.patch +03-fix-buffer-overflow.diff
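Review bot: The added sq_reservestack(_thread(o), nparams + 3) line in the thread_call hunk discards the call's result, so if the reservation can fail, the Push of _roottable and the sq_move loop right below it still run on a stack that was not grown. Checking the result and returning an error before the Push would close that path. The + 3 margin is also unexplained: the visible code does one Push plus nparams - 1 moves, so a one-line comment saying what the remaining slots cover would help whoever next touches this cherry-pick.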
Bug#1014539: squirrel3: CVE-2022-30292
On Thu, 18 Apr 2024 14:40:58 +0200 Matthias Geiger wrote:
>
> I have prepared a fix; however this needs the FTBFS in #997441
> addressed first.
>
> Will attach a debdiff once that has happened.
>

See attachment.

best,

--
Matthias Geiger
Debian Maintainer

diff -Nru squirrel3-3.1/debian/changelog squirrel3-3.1/debian/changelog --- squirrel3-3.1/debian/changelog 2024-02-16 17:46:43.0 +0100 +++ squirrel3-3.1/debian/changelog 2024-05-06 23:54:53.0 +0200 @@ -1,3 +1,11 @@ +squirrel3 (3.1-8.2) unstable; urgency=medium + + * Non-maintainer upload. + * Cherry-pick upstream commit as 03-fix-buffer-overflow.diff (Closes: #1014539) +(CVE-2022-30292) + + -- Matthias Geiger Mon, 06 May 2024 23:54:53 +0200 + squirrel3 (3.1-8.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru squirrel3-3.1/debian/patches/03-fix-buffer-overflow.diff squirrel3-3.1/debian/patches/03-fix-buffer-overflow.diff --- squirrel3-3.1/debian/patches/03-fix-buffer-overflow.diff1970-01-01 01:00:00.0 +0100 +++ squirrel3-3.1/debian/patches/03-fix-buffer-overflow.diff2024-05-06 23:52:27.0 +0200 
@@ -0,0 +1,22 @@ +From a6413aa690e0bdfef648c68693349a7b878fe60d Mon Sep 17 00:00:00 2001 +From: Alberto Demichelis +Date: Mon, 2 May 2022 12:04:58 +0200 +Subject: [PATCH] fix in thread.call + +--- + squirrel/sqbaselib.cpp | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/squirrel/sqbaselib.cpp b/squirrel/sqbaselib.cpp +index 662aeac..e283900 100644 +--- a/squirrel/sqbaselib.cpp b/squirrel/sqbaselib.cpp +@@ -1012,6 +1012,7 @@ static SQInteger thread_call(HSQUIRRELVM v) + SQObjectPtr o = stack_get(v,1); + if(type(o) == OT_THREAD) { + SQInteger nparams = sq_gettop(v); ++sq_reservestack(_thread(o), nparams + 3); + _thread(o)->Push(_thread(o)->_roottable); + for(SQInteger i = 2; i<(nparams+1); i++) + sq_move(_thread(o),v,i); + diff -Nru squirrel3-3.1/debian/patches/series squirrel3-3.1/debian/patches/series --- squirrel3-3.1/debian/patches/series 2024-02-16 17:46:43.0 +0100 +++ squirrel3-3.1/debian/patches/series 2024-05-06 23:52:45.0 +0200 @@ -1,2 +1,3 @@ 01-fix-spelling-errors.patch 02-sphinx-ext.patch +03-fix-buffer-overflow.diff
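Review bot: The header of the new debian/patches/03-fix-buffer-overflow.diff is the bare git format-patch block (From, Date, Subject), with no Origin or Bug-Debian field, so the tie to #1014539 and CVE-2022-30292 is recorded only in debian/changelog. Adding those fields above the --- separator would keep the provenance with the patch itself. The series hunk also shows the two existing entries ending in .patch while this one ends in .diff; using the same suffix would keep the directory uniform.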
Bug#1014539: squirrel3: CVE-2022-30292
On Thu, 7 Jul 2022 17:55:11 +0200 Moritz Mühlenhoff wrote:
> Source: squirrel3
> X-Debbugs-CC: t...@security.debian.org
> Severity: grave
> Tags: security
>
> Hi,
>
> The following vulnerability was published for squirrel3.
>
> CVE-2022-30292[0]:
> | Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to
> | lack of a certain sq_reservestack call.
>
> https://github.com/albertodemichelis/squirrel/commit/a6413aa690e0bdfef648c68693349a7b878fe60d
> https://github.com/sprushed/CVE-2022-30292
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2022-30292
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30292
>
> Please adjust the affected versions in the BTS as needed.
>

I have prepared a fix; however this needs the FTBFS in #997441 addressed first.

Will attach a debdiff once that has happened.

best,

--
Matthias Geiger
Debian Maintainer
Bug#1014539: squirrel3: CVE-2022-30292
Source: squirrel3
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for squirrel3.

CVE-2022-30292[0]:
| Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to
| lack of a certain sq_reservestack call.

https://github.com/albertodemichelis/squirrel/commit/a6413aa690e0bdfef648c68693349a7b878fe60d
https://github.com/sprushed/CVE-2022-30292

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-30292
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30292

Please adjust the affected versions in the BTS as needed.