Bug#861056: jessie-pu: package minicom/2.7-1+deb8u1

2017-04-25 Thread Adam D. Barratt
Control: tags -1 + pending

On Mon, 2017-04-24 at 10:19 +0200, Salvatore Bonaccorso wrote:
> Hi Adam,
> 
> On Mon, Apr 24, 2017 at 09:07:27AM +0100, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> > 
> > On 2017-04-24 8:31, Salvatore Bonaccorso wrote:
> > >A DSA for minicom is not needed, and given the next point release is
> > >approaching, I would like to propose to fix CVE-2017-7467, which is
> > >#860940 in the BTS, via a point release.
> > 
> > Please go ahead.
> 
> Thank you! Uploaded.

Flagged for acceptance into p-u.

Regards,

Adam



Bug#861056: jessie-pu: package minicom/2.7-1+deb8u1

2017-04-24 Thread Salvatore Bonaccorso
Hi Adam,

On Mon, Apr 24, 2017 at 09:07:27AM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On 2017-04-24 8:31, Salvatore Bonaccorso wrote:
> >A DSA for minicom is not needed, and given the next point release is
> >approaching, I would like to propose to fix CVE-2017-7467, which is
> >#860940 in the BTS, via a point release.
> 
> Please go ahead.

Thank you! Uploaded.

Regards,
Salvatore



Bug#861056: jessie-pu: package minicom/2.7-1+deb8u1

2017-04-24 Thread Adam D. Barratt

Control: tags -1 + confirmed

On 2017-04-24 8:31, Salvatore Bonaccorso wrote:
>A DSA for minicom is not needed, and given the next point release is
>approaching, I would like to propose to fix CVE-2017-7467, which is
>#860940 in the BTS, via a point release.

Please go ahead.

Regards,

Adam



Bug#861056: jessie-pu: package minicom/2.7-1+deb8u1

2017-04-24 Thread Salvatore Bonaccorso
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Hi

A DSA for minicom is not needed, and given the next point release is
approaching, I would like to propose to fix CVE-2017-7467, which is
#860940 in the BTS, via a point release.

Attached the debdiff.

Regards,
Salvatore
diff -Nru minicom-2.7/debian/changelog minicom-2.7/debian/changelog
--- minicom-2.7/debian/changelog2014-01-01 10:28:01.0 +0100
+++ minicom-2.7/debian/changelog2017-04-24 09:03:48.0 +0200
@@ -1,3 +1,11 @@
+minicom (2.7-1+deb8u1) jessie; urgency=high
+
+  * Non-maintainer upload.
+  * Add ARRAY_SIZE macro
+  * CVE-2017-7467: Out of bounds write in vt100.c (Closes: #860940)
+
+ -- Salvatore Bonaccorso   Mon, 24 Apr 2017 09:03:48 +0200
+
 minicom (2.7-1) unstable; urgency=low
 
   * New upstream release, closes: #707564 (configurable status line).
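
Review bot: the entry `* Add ARRAY_SIZE macro` gives no reason for the change, which reads oddly in a stable update otherwise limited to a single CVE fix. Since CVE-2017-7467.diff uses `ARRAY_SIZE(escparms)`, the changelog should say so, for example `* Add ARRAY_SIZE macro (prerequisite for the CVE-2017-7467 fix)`.
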
diff -Nru minicom-2.7/debian/patches/Add-ARRAY_SIZE-macro.diff 
minicom-2.7/debian/patches/Add-ARRAY_SIZE-macro.diff
--- minicom-2.7/debian/patches/Add-ARRAY_SIZE-macro.diff1970-01-01 
01:00:00.0 +0100
+++ minicom-2.7/debian/patches/Add-ARRAY_SIZE-macro.diff2017-04-24 
09:03:48.0 +0200
@@ -0,0 +1,19 @@
+# HG changeset patch
+# User Adam Lackorzynski 
+# Date 1440364600 -7200
+# Node ID 4eff7b4cde33a56d9caf64e44722186c89e26922
+# Parent  3cb4335d5819099c85a30dae714f0a213fa4a44c
+Add ARRAY_SIZE macro
+
+diff -r 3cb4335d5819 -r 4eff7b4cde33 src/minicom.h
+--- a/src/minicom.hMon Jun 29 21:16:14 2015 +0200
 b/src/minicom.hSun Aug 23 23:16:40 2015 +0200
+@@ -303,6 +303,7 @@
+ int lockfile_create(int no_msgs);
+ void lockfile_remove(void);
+ 
++#define ARRAY_SIZE(a) (sizeof(a) / sizeof(a[0]))
+ 
+ 
+ /* We want the ANSI offsetof macro to do some dirty stuff. */
+
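
Review bot: in `#define ARRAY_SIZE(a) (sizeof(a) / sizeof(a[0]))` the argument is not parenthesised in `a[0]`, and the macro compiles silently when `a` is a pointer rather than an array, yielding the pointer size divided by the element size instead of the element count. Writing `sizeof((a)[0])` addresses the first point. For the second, a short comment in src/minicom.h stating that the macro is valid only for true arrays (not function parameters or heap pointers) would help, because the CVE-2017-7467 fix relies on it for a bounds check.
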
diff -Nru minicom-2.7/debian/patches/CVE-2017-7467.diff 
minicom-2.7/debian/patches/CVE-2017-7467.diff
--- minicom-2.7/debian/patches/CVE-2017-7467.diff   1970-01-01 
01:00:00.0 +0100
+++ minicom-2.7/debian/patches/CVE-2017-7467.diff   2017-04-24 
09:03:48.0 +0200
@@ -0,0 +1,33 @@
+# HG changeset patch
+# User Adam Lackorzynski 
+# Date 1492510834 -7200
+# Node ID c33d24938f3ed3dc2b7d328fe255794468a814eb
+# Parent  c72edf0e43bca463239ea15594d128ecbc0d2574
+Fix CVE-2017-7467, a remote exploitalbe out of bound access
+
+This fixes an out of bounds data access that can lead to a
+remotely exploitable code execution.
+
+This issue was found by Solar Designer of Openwall during a
+security audit of the Virtuozzo 7 product, which contains
+derived downstream code in its prl-vzvncserver component.
+The corresponding Virtuozzo 7 fix is:
+
+https://src.openvz.org/projects/OVZ/repos/prl-vzvncserver/commits/6d95404e75b98f36b1cc85ee23df99dcf06ca13f
+
+Openwall would like to thank the Virtuozzo company for
+funding the effort.
+
+diff -r c72edf0e43bc -r c33d24938f3e src/vt100.c
+--- a/src/vt100.c  Sat Sep 17 02:17:37 2016 +0200
 b/src/vt100.c  Tue Apr 18 12:20:34 2017 +0200
+@@ -428,7 +428,7 @@
+   }
+   /* Separation between numbers ? */
+   if (c == ';') {
+-if (ptr < 15)
++if (ptr < (int)ARRAY_SIZE(escparms) - 1)
+   ptr++;
+ return;
+   }
+
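
Review bot: the new condition `if (ptr < (int)ARRAY_SIZE(escparms) - 1)` bounds `ptr` only at the point where it is incremented on `;`, and the hunk shows neither the declaration of `escparms` nor the other places that index it. The check is sufficient only if `escparms` is a real array visible at this point (not a pointer, for which ARRAY_SIZE gives the wrong value) and this increment is the only way `ptr` advances within an escape sequence. Please confirm both against the full src/vt100.c before acceptance.
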
diff -Nru minicom-2.7/debian/patches/series minicom-2.7/debian/patches/series
--- minicom-2.7/debian/patches/series   2014-01-01 10:21:15.0 +0100
+++ minicom-2.7/debian/patches/series   2017-04-24 09:03:48.0 +0200
@@ -2,3 +2,5 @@
 01manual.diff
 03norzsz.diff
 470582_history_buffer_msg.diff
+Add-ARRAY_SIZE-macro.diff
+CVE-2017-7467.diff