Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Hi,

Please unblock package bzip2, it fixes CVE-2019-12900 (tracked as #930886) in the BTS itself.

> bzip2 (1.0.6-9.1) unstable; urgency=high
>
>   * Non-maintainer upload.
>   * Make sure nSelectors is not out of range (CVE-2019-12900)
>     (Closes: #930886)

AFAICS autopkgtest runs are still running, so we might want to wait for the results before a possible unblock?

unblock bzip2/1.0.6-9.1

Regards,
Salvatore

diff -Nru bzip2-1.0.6/debian/changelog bzip2-1.0.6/debian/changelog --- bzip2-1.0.6/debian/changelog 2018-08-14 21:28:22.000000000 +0200 +++ bzip2-1.0.6/debian/changelog 2019-06-24 22:15:37.000000000 +0200 @@ -1,3 +1,11 @@ +bzip2 (1.0.6-9.1) unstable; urgency=high + + * Non-maintainer upload. + * Make sure nSelectors is not out of range (CVE-2019-12900) + (Closes: #930886) + + -- Salvatore Bonaccorso <car...@debian.org> Mon, 24 Jun 2019 22:15:37 +0200 + bzip2 (1.0.6-9) unstable; urgency=medium [ Santiago Ruano Rincón ] diff -Nru bzip2-1.0.6/debian/patches/Make-sure-nSelectors-is-not-out-of-range.patch bzip2-1.0.6/debian/patches/Make-sure-nSelectors-is-not-out-of-range.patch --- bzip2-1.0.6/debian/patches/Make-sure-nSelectors-is-not-out-of-range.patch 1970-01-01 01:00:00.000000000 +0100 +++ bzip2-1.0.6/debian/patches/Make-sure-nSelectors-is-not-out-of-range.patch 2019-06-24 22:15:37.000000000 +0200 
@@ -0,0 +1,34 @@ +From: Albert Astals Cid <aa...@kde.org> +Date: Tue, 28 May 2019 19:35:18 +0200 +Subject: Make sure nSelectors is not out of range +Origin: https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-12900 +Bug-Debian: https://bugs.debian.org/930886 + +nSelectors is used in a loop from 0 to nSelectors to access selectorMtf +which is + UChar selectorMtf[BZ_MAX_SELECTORS]; +so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory +access + +Fixes out of bounds access discovered while fuzzying karchive +--- + decompress.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/decompress.c b/decompress.c +index ab6a624db17a..f3db91d14f6e 100644 +--- a/decompress.c ++++ b/decompress.c +@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s ) + GET_BITS(BZ_X_SELECTOR_1, nGroups, 3); + if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR); + GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15); +- if (nSelectors < 1) RETURN(BZ_DATA_ERROR); ++ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR); + for (i = 0; i < nSelectors; i++) { + j = 0; + while (True) { +-- +2.20.1 + diff -Nru bzip2-1.0.6/debian/patches/series bzip2-1.0.6/debian/patches/series --- bzip2-1.0.6/debian/patches/series 2018-08-13 13:29:27.000000000 +0200 +++ bzip2-1.0.6/debian/patches/series 2019-06-24 22:15:37.000000000 +0200 @@ -7,3 +7,4 @@ bzip2recover-CVE-2016-3189.patch bzdiff-tmpdir-spaces.diff 40-bzdiff-l.patch +Make-sure-nSelectors-is-not-out-of-range.patch
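
Review bot: In the decompress.c change carried by Make-sure-nSelectors-is-not-out-of-range.patch, the new test `nSelectors > BZ_MAX_SELECTORS` makes the decoder return BZ_DATA_ERROR for every stream whose header declares more selectors than the array holds, yet the field is read with `GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15)`, so the format can encode values up to 32767. The bound itself is right for the memory-safety problem described in the patch header: `selectorMtf` is declared with BZ_MAX_SELECTORS entries and the loop runs `i < nSelectors`, so allowing equality is not an off-by-one, and the check sits before the loop that does the writes. What I would want confirmed before the unblock is that no existing encoder emits a header with a larger count, since such files would stop decompressing; if that cannot be ruled out, an alternative is to keep consuming the declared selectors from the bitstream while only storing the first BZ_MAX_SELECTORS. Separately, the diffstat lists only decompress.c, so nothing in the package exercises the new error path; a small crafted input that is expected to yield BZ_DATA_ERROR would make the autopkgtest results mentioned in the request meaningful for this fix.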