Bug#695614: CVE-2012-6303: buffer overflows
Package: snack

Dear maintainer,

Recently you fixed one or more security problems and as a result you closed this bug. These problems were not serious enough for a Debian Security Advisory, so they are now on my radar for fixing in the following suites through point releases:

squeeze (6.0.7) - use target stable

Please prepare a minimal-changes upload targeting each of these suites, and submit a debdiff to the Release Team [0] for consideration. They will offer additional guidance or instruct you to upload your package.

I will happily assist you at any stage if the patch is straightforward and you need help. Please keep me in CC at all times so I can track [1] the progress of this request.

For details of this process and the rationale, please see the original announcement [2] and my blog post [3].

0: debian-rele...@lists.debian.org
1: http://prsc.debian.net/tracker/695614/
2: 201101232332.11736.th...@debian.org
3: http://deb.li/prsc

Thanks,

with his security hat on:
--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51

--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#695614: CVE-2012-6303: buffer overflows
Hi Jonathan.

On Thu, Jan 17, 2013 at 3:42 PM, Jonathan Wiltshire j...@debian.org wrote:
> Please prepare a minimal-changes upload targeting each of these suites,
> and submit a debdiff to the Release Team [0] for consideration. They will
> offer additional guidance or instruct you to upload your package.

I'll do that in a few days. Thank you for the reminder.

Cheers!
--
Sergei Golovan
Bug#695614: CVE-2012-6303: buffer overflows
The attached patch fixes the buffer overrun for the fixed-size header buffer. --- snack-2.2.10-dfsg1/generic/jkSoundFile.c 2005-12-14 12:29:38.0 +0100 +++ snack-2.2.10-dfsg1+karcher/generic/jkSoundFile.c 2013-01-02 00:29:56.836287036 +0100 @@ -1796,7 +1796,14 @@ GetHeaderBytes(Sound *s, Tcl_Interp *interp, Tcl_Channel ch, char *buf, int len) { - int rlen = Tcl_Read(ch, buf[s-firstNRead], len - s-firstNRead); + int rlen; + + if (len max(CHANNEL_HEADER_BUFFER, HEADBUF)){ +Tcl_AppendResult(interp, Excessive header size, NULL); +return TCL_ERROR; + } + + rlen = Tcl_Read(ch, buf[s-firstNRead], len - s-firstNRead); if (rlen len - s-firstNRead){ Tcl_AppendResult(interp, Failed reading header bytes, NULL);
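Review bot: The new guard at the top of GetHeaderBytes bounds len by max(CHANNEL_HEADER_BUFFER, HEADBUF), the larger of two constants, rather than by the capacity of the buf the caller actually passed, so it is only sufficient if every caller's buffer is at least that large. Consider passing the buffer's size into the function, or checking against the specific constant at each call site, so the limit always matches the destination. The guard also sets no lower bound: len is an int, and a len that is negative or smaller than s->firstNRead still reaches Tcl_Read with a negative count in len - s->firstNRead, so a check for that case before the read would be worth adding.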
Bug#695614: CVE-2012-6303: buffer overflows
On Wed, Jan 02, 2013 at 12:36:06AM +0100, Michael Karcher wrote:
> The attached patch fixes the buffer overrun for the fixed-size header buffer.

I have verified the patch to work and I am currently preparing an updated snack package. I used the crafted WAV file from [1] and with the patched snack library, WaveSurfer no longer crashes.

Cheers,
Adrian

[1] http://www.exploit-db.com/exploits/19772/

--
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-    GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913
Bug#695614: CVE-2012-6303: buffer overflows
Control: severity -1 grave

Hi

[09:51] jmm the commits look good, thanks. for buffer overflows it's best to file an RC bug by default.
[09:51] jmm if further analysis shows that it's more harmless it can still be downgraded

So I'm raising the severity as it's about buffer overflows.

Regards,
Salvatore
Bug#695614: CVE-2012-6303: buffer overflows
Package: snack
Severity: important
Tags: security

Hi,

the following vulnerability was published for snack.

CVE-2012-6303[0]:
WaveSurfer and Snack Sound Toolkit buffer overflows

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6303
    http://security-tracker.debian.org/tracker/CVE-2012-6303
[1] http://www.openwall.com/lists/oss-security/2012/12/10/2

Please adjust the affected versions in the BTS as needed.

p.s.: I haven't done further investigation, only reporting/forwarding from oss-security mailing list.

Regards,
Salvatore