Your message dated Thu, 17 May 2018 18:10:21 +0000
with message-id <e1fjnm5-000dc3...@fasolo.debian.org>
and subject line Bug#863145: fixed in lrzip 0.631+git180517-1
has caused the Debian Bug report #863145,
regarding lrzip: CVE-2017-8847: NULL pointer dereference in bufRead::get
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
863145: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863145
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: lrzip
Version: 0.631-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/ckolivas/lrzip/issues/67

Hi,

the following vulnerability was published for lrzip.

CVE-2017-8847[0]:
| The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in
| lrzip 0.631 allows remote attackers to cause a denial of service (NULL
| pointer dereference and application crash) via a crafted archive.

./lrzip -t /root/poc/00229-lrzip-nullptr-bufRead-get 
Decompressing...
Inconsistent length after decompression. Got 0 bytes, expected 2
ASAN:DEADLYSIGNAL
=================================================================
==15340==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000459ef1 bp 0x7f4bf3031a90 sp 0x7f4bf3031a70 T2)
    #0 0x459ef0 in bufRead::get() libzpaq/libzpaq.h:485
    #1 0x44de34 in libzpaq::Decompresser::findBlock(double*) libzpaq/libzpaq.cpp:1236
    #2 0x44e45b in libzpaq::decompress(libzpaq::Reader*, libzpaq::Writer*) libzpaq/libzpaq.cpp:1363
    #3 0x445c2c in zpaq_decompress libzpaq/libzpaq.h:538
    #4 0x428c2e in zpaq_decompress_buf stream.c:453
    #5 0x430e60 in ucompthread stream.c:1534
    #6 0x7f4c48e05493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
    #7 0x7f4c482ab93e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV libzpaq/libzpaq.h:485 in bufRead::get()
Thread T2 created by T0 here:
    #0 0x7f4c49697f59 in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x30f59)
    #1 0x4267f8 in create_pthread stream.c:133
    #2 0x4325f0 in fill_buffer stream.c:1673
    #3 0x4333d5 in read_stream stream.c:1755
    #4 0x422b76 in unzip_literal runzip.c:162
    #5 0x423ccb in runzip_chunk runzip.c:320
    #6 0x4244a8 in runzip_fd runzip.c:382
    #7 0x411378 in decompress_file lrzip.c:826
    #8 0x409b39 in main main.c:669
    #9 0x7f4c481e32b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

==15340==ABORTING

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8847
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8847

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: lrzip
Source-Version: 0.631+git180517-1

We believe that the bug you reported is fixed in the latest version of
lrzip, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 863...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <g...@debian.org> (supplier of updated lrzip package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 17 May 2018 15:42:06 +0000
Source: lrzip
Binary: lrzip
Architecture: source amd64
Version: 0.631+git180517-1
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <g...@debian.org>
Description:
 lrzip      - compression program with a very high compression ratio
Closes: 863145 863150 863151 863153 863155 863156 866020 866022 887065 888506 897645 898451
Changes:
 lrzip (0.631+git180517-1) unstable; urgency=high
 .
   * Git snapshot release to fix security issues:
     - CVE-2017-8842: divide-by-zero in bufRead::get() (closes: #863156),
     - CVE-2017-8843: NULL pointer dereference in join_pthread()
       (closes: #863155),
     - CVE-2017-8844: heap-based buffer overflow write in read_1g()
       (closes: #863153),
     - CVE-2017-8845: invalid memory read in lzo_decompress_buf()
       (closes: #863151),
     - CVE-2017-8846: use-after-free in read_stream() (closes: #863150),
     - CVE-2017-8847: NULL pointer dereference in bufRead::get()
       (closes: #863145),
     - CVE-2017-9928: stack buffer overflow in get_fileinfo() (closes: #866022),
     - CVE-2017-9929: another stack buffer overflow in get_fileinfo()
       (closes: #866020),
     - CVE-2018-5650: infinite loop from crafted/corrupt archive in
       unzip_match() (closes: #887065),
     - CVE-2018-5747: use-after-free in ucompthread() (closes: #898451),
     - CVE-2018-5786: infinite loop in get_fileinfo() (closes: #888506),
     - CVE-2018-9058: infinite loop in runzip_fd(),
     - CVE-2018-10685: use-after-free in lzma_decompress_buf()
       (closes: #897645).
   * Update homepage location.
   * Update debhelper level to 11:
     - don't need dh_installman anymore,
     - remove dh-autoreconf build dependency,
     - remove autotools-dev build dependency.
   * Update Standards-Version to 4.1.4 .

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
