[SECURITY] [DLA 1645-1] wireshark security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Package: wireshark Version: 1.12.1+g01b65bf-4+deb8u17 CVE ID : CVE-2019-5716 CVE-2019-5717 CVE-2019-5719 Several issues in wireshark, a network traffic analyzer, have been found. Dissectors of - ISAKMP, a Internet Security Association and Key Management Protocol - P_MUL, a reliable multicast transfer protocol - 6LoWPAN, IPv6 over Low power Wireless Personal Area Network are affected. CVE-2019-5719 Mateusz Jurczyk found that a missing encryption block in a packet could crash the ISAKMP dissector. CVE-2019-5717 It was found that the P_MUL dissector could crash when a malformed packet contains an illegal Data PDU sequence number of 0. Such a packet may not be analysed. CVE-2019-5716 It was found that the 6LoWPAN dissector could crash when a malformed packet does not contain IPHC information though the header says it should. For Debian 8 "Jessie", these problems have been fixed in version 1.12.1+g01b65bf-4+deb8u17. We recommend that you upgrade your wireshark packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlxPeIlfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 WEfF0RAAji1G7cf9Y3xM5M4dRAVwDcx64UrZrgkL/jsn/tUVClcQJF6jxIszbt+S mp1H88kf6ek/U4G3mK9ghR+G6i/573WLweVKHEoOhbnl+Xvq671DQMonSHaixv5h HrMpjdGQOKdsJxOF1kCduIlbygiZosREkdH7QSgo/oTwaWgUBjJ2fwWYaWWmpRcH 3ppd34C7dhXi/x60Qc4Fs8xBKKv0jGzHJXjhr+Lt3DexmXDauEoOrTccG4GS+mVb 2Ex2Aehu+8QcZUw37HfrfEAINuZu7ojySsEmBKt+hdhVA5+j8Z+iduA8rVzZmEVl QPzazXmxi+VBp1++wKKcqifqbZe7fIoJPZJsAbr1FdQ94fJ6RTD5jqpDYhAQ2Jdw sFeJZMdM6GGGwbPzUk+NbzCUaz+EjnsFfdDLIn2igQJCBQHoRpBe5w7d6wqjQ9W+ gnV3COPvaMLu5wg4Edbpmvrv6FgwL/q4gLbud6hTyzPXzca+opYEyv99AHBFgaA9 UCDMqc7EEUOy2i2PyIy1BEVXm40gDpkecrPMlc4cnM+MaOka9pv4OAinnBvne3iL zQIETKgKxxEXDVFrY0i245I8W0OtbF0jxRxOgvCQeum5NqghPB9lZ+2k1i3XeWO9 A6John21n6DAL3KTckbaTJQY+5cMTJuYW0nlNB4Bqtt6bJwphcs= =Kysb -END PGP SIGNATURE-
Accepted wireshark 1.12.1+g01b65bf-4+deb8u17 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 28 Jan 2019 19:03:02 +0100 Source: wireshark Binary: wireshark-common wireshark wireshark-qt tshark wireshark-dev wireshark-dbg wireshark-doc libwireshark5 libwsutil4 libwsutil-dev libwireshark-data libwireshark-dev libwiretap4 libwiretap-dev Architecture: source amd64 all Version: 1.12.1+g01b65bf-4+deb8u17 Distribution: jessie-security Urgency: medium Maintainer: Balint Reczey Changed-By: Thorsten Alteholz Description: libwireshark-data - network packet dissection library -- data files libwireshark-dev - network packet dissection library -- development files libwireshark5 - network packet dissection library -- shared library libwiretap-dev - network packet capture library -- development files libwiretap4 - network packet capture library -- shared library libwsutil-dev - network packet dissection utilities library -- shared library libwsutil4 - network packet dissection utilities library -- shared library tshark - network traffic analyzer - console version wireshark - network traffic analyzer - GTK+ version wireshark-common - network traffic analyzer - common files wireshark-dbg - network traffic analyzer - debug symbols wireshark-dev - network traffic analyzer - development tools wireshark-doc - network traffic analyzer - documentation wireshark-qt - network traffic analyzer - Qt version Changes: wireshark (1.12.1+g01b65bf-4+deb8u17) jessie-security; urgency=medium . * Non-maintainer upload by the Wheezy LTS Team. * fix for the following CVEs: CVE-2019-5716 CVE-2019-5717 CVE-2019-5719 Checksums-Sha1: 31101aa0db060a408ba25b9402cafc6c58a1d141 3505 wireshark_1.12.1+g01b65bf-4+deb8u17.dsc 407f0a5f28c4ea34b0ea2b5a43e1da7632e357a9 25091052 wireshark_1.12.1+g01b65bf.orig.tar.xz da0aae9891d4d9052f1bb33138fbe69630307c78 202076 wireshark_1.12.1+g01b65bf-4+deb8u17.debian.tar.xz 62286e1dad22725c4f1cd9fa09e2d9cfce04a5d0 182856 wireshark-common_1.12.1+g01b65bf-4+deb8u17_amd64.deb 33c5c4c5fff20257133b46c347ba7aabf0822d13 791614 wireshark_1.12.1+g01b65bf-4+deb8u17_amd64.deb 11553aafb2d35eb86523cfa2555ad1344b70416a 1066466 wireshark-qt_1.12.1+g01b65bf-4+deb8u17_amd64.deb f3aad7a23171c0755e54ca1ed0daec7f34f11670 163876 tshark_1.12.1+g01b65bf-4+deb8u17_amd64.deb e8d4c3d2e23786405703339a8c097d431b03d509 146902 wireshark-dev_1.12.1+g01b65bf-4+deb8u17_amd64.deb fd1bf51a60f632c9fdf560f4df1a1cf622f25f69 38781532 wireshark-dbg_1.12.1+g01b65bf-4+deb8u17_amd64.deb 26f492d37d1c8d67809013e2203c3a14bd5a212f 3872572 wireshark-doc_1.12.1+g01b65bf-4+deb8u17_all.deb cae5e01158ba0293d8a22d38ee4c091b2d433d54 11281488 libwireshark5_1.12.1+g01b65bf-4+deb8u17_amd64.deb a7dde4f38e43c77ee911bd03e597607cbcc79626 96896 libwsutil4_1.12.1+g01b65bf-4+deb8u17_amd64.deb 9b0dc6286a5cc9c04bc8fc11eb24f416a79f566e 73574 libwsutil-dev_1.12.1+g01b65bf-4+deb8u17_amd64.deb 65a74a270fedd949d7b6a2046238b2725d0dbe60 839046 libwireshark-data_1.12.1+g01b65bf-4+deb8u17_all.deb 933a7fdbf16f134ac434d52016ad9e0204b4d862 769480 libwireshark-dev_1.12.1+g01b65bf-4+deb8u17_amd64.deb 969c023bf1c6c2d80d26716dc3524b6957afa8af 189284 libwiretap4_1.12.1+g01b65bf-4+deb8u17_amd64.deb fcfcd456126c9997c038779842b09a81fdea1810 80776 libwiretap-dev_1.12.1+g01b65bf-4+deb8u17_amd64.deb Checksums-Sha256: 40403d1985193475c1e6aecbe8867f00e79f97cf84b9db584ae844ce0275e0a6 3505 wireshark_1.12.1+g01b65bf-4+deb8u17.dsc 5244081064ba37780804983724e09263440866587f33f2a525a684b6d393d4cf 25091052 wireshark_1.12.1+g01b65bf.orig.tar.xz 222d3d08df9abde7d56f0ede07599f4a3a869a5b388764e3e2ffb75f6669d33a 202076 wireshark_1.12.1+g01b65bf-4+deb8u17.debian.tar.xz fbc7d5148dd576812c6b1cdb0c5b8c3c29b5416b64dd9da65cbe4ef7a6047d12 182856 wireshark-common_1.12.1+g01b65bf-4+deb8u17_amd64.deb da4e905563eb5c6475f18b7e30290630fe9ab4605a34bbc5c158987310a43119 791614 wireshark_1.12.1+g01b65bf-4+deb8u17_amd64.deb 8ff76d5122f6d18725c955f0b198e9928f87e99d2ed5744c81264c5717e9ba20 1066466 wireshark-qt_1.12.1+g01b65bf-4+deb8u17_amd64.deb 7f415d71d069bac0b761f45b57ef9ed1e3fcce1e68f9c8caf3e4df12c248aea6 163876 tshark_1.12.1+g01b65bf-4+deb8u17_amd64.deb 130ab7ce008937a8963e684c25ad7db3abe5c1f7e88a9061a467a04255f7ba87 146902 wireshark-dev_1.12.1+g01b65bf-4+deb8u17_amd64.deb 9df1267bb58bddcd6e6a6560610855151a38798dbaea3d764ddb853cb2749de0 38781532 wireshark-dbg_1.12.1+g01b65bf-4+deb8u17_amd64.deb d28f02a5e5cd1771252ed44d420dddb07a50bdeecefaadbd2ba204d7c60a1dc7 3872572 wireshark-doc_1.12.1+g01b65bf-4+deb8u17_all.deb b1bf1c3c8619166c94afb7acaa9278efda495020d16020ccaa7ce8d34b4259d6 11281488 libwireshark5_1.12.1+g01b65bf-4+deb8u17_amd64.deb dbe2a73d3771f89fdcb1ea59fc560cac2be6829e06777cf08ead9a71e295503f 96896 libwsutil4_1.12.1+g01b65bf-4+deb8u17_amd64.deb e678685b56a3ce3f1166491b606faafd5c27b9f3fa81b50c62046ee4a007498c 73574 libwsutil-dev_1.12.1+g01b65bf-4+deb8u17_amd64.deb b33fc4e835da5dee163920082f68b822d4ef31b9ef7e3d6820ca97ed699b6063 839046
PHP 5.6 EOD of Life Support and Debian 8 LTS.
Hello, With the end of life support of PHP 5.6 from upstream, do you know if Debian LTS team will still support php5.6 in the future ? I'm talking about the packaging of PHP 5.6.40 but also about next potential vulnerabilities which may happened. By the way; does PHP 7.0 will be supported by Debian LTS team when Stretch became LTS ? Thanks! Regards, Thomas
Re: [SECURITY] [DLA 1644-1] policykit-1 security update
Thank you Le Lun 28 Jan 2019 14:05, Emilio Pozuelo Monfort a écrit : > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Package: policykit-1 > Version: 0.105-15~deb8u4 > CVE ID : CVE-2018-19788 CVE-2019-6133 > > Two vulnerabilities were found in Policykit, a framework for managing > administrative policies and privileges: > > CVE-2018-19788 > > It was discovered that incorrect processing of very high UIDs in > Policykit could result in authentication bypass. > > CVE-2019-6133 > > Jann Horn of Google found that Policykit doesn't properly check > if a process is already authenticated, which can lead to an > authentication reuse by a different user. > > For Debian 8 "Jessie", these problems have been fixed in version > 0.105-15~deb8u4. > > We recommend that you upgrade your policykit-1 packages. > > Further information about Debian LTS security advisories, how to apply > these updates to your system and frequently asked questions can be > found at: https://wiki.debian.org/LTS > -BEGIN PGP SIGNATURE- > > iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlxO/fwACgkQnUbEiOQ2 > gwJcUg//fmu03pDkHkhW6dXIDiMsdBhP/17aVNQqgo+SRUKeHVE4WG1V4pP34cs6 > gYyk38oS6NOIEZ2gs0uOeXmvupuFnf56bhIX4ZN2ndRoLep1pC2e3nHbmrG1Ivrd > v16EkxCqerOjSizPlo03MzzgJg3e0745o1StObNEdbk2PHJ8rahc7D9ZaaGO/2Zq > apoP0byB6unsnTTW6UVke4ou1c/OY1B7E7ZGtbdPEcZyheM89m5Hu2GODb7xqwIx > GRSFa7s56ulKLfiDaFW5P0+PSg0RGqZm8W/kxOK+Ku4Q6LF352K7rOSWBHF+z0pz > JUDmZbcZ570VmyfFy7pwRkO2RSr78WI4BIfIlBEMvw0fPzgRbVPegcbF9aJVJU+r > PjRK05P3fLC6odl7aAupSv4M/SN/K+nxw0rUr95JHa/XQTfx7djHDhh7WodpI1bt > fNCyr1Lew7A3351GJU5Y4vcrs/GGyHSS6yL/+x+kD4jKFGYw7vCYFEWL+m1pHg3Y > jcTyvRopkuffZ7wv7nWPbyaf3uOYr1qb9DFqS+HkmV2qMIxdkO5wbE9+jvie6Gsu > q8neH1Q5gGpRDq3C6nkWHlDnIAuS7tQEnnBpRhu0lPaYSO5CECH6d/NaFQw0Dyal > abwI1rSiOeDOWReoSF62Fy+hIIY4GV1pinaV+hSHjyj/Wydw4/I= > =APCW > -END PGP SIGNATURE- > >
[SECURITY] [DLA 1644-1] policykit-1 security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: policykit-1 Version: 0.105-15~deb8u4 CVE ID : CVE-2018-19788 CVE-2019-6133 Two vulnerabilities were found in Policykit, a framework for managing administrative policies and privileges: CVE-2018-19788 It was discovered that incorrect processing of very high UIDs in Policykit could result in authentication bypass. CVE-2019-6133 Jann Horn of Google found that Policykit doesn't properly check if a process is already authenticated, which can lead to an authentication reuse by a different user. For Debian 8 "Jessie", these problems have been fixed in version 0.105-15~deb8u4. We recommend that you upgrade your policykit-1 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlxO/fwACgkQnUbEiOQ2 gwJcUg//fmu03pDkHkhW6dXIDiMsdBhP/17aVNQqgo+SRUKeHVE4WG1V4pP34cs6 gYyk38oS6NOIEZ2gs0uOeXmvupuFnf56bhIX4ZN2ndRoLep1pC2e3nHbmrG1Ivrd v16EkxCqerOjSizPlo03MzzgJg3e0745o1StObNEdbk2PHJ8rahc7D9ZaaGO/2Zq apoP0byB6unsnTTW6UVke4ou1c/OY1B7E7ZGtbdPEcZyheM89m5Hu2GODb7xqwIx GRSFa7s56ulKLfiDaFW5P0+PSg0RGqZm8W/kxOK+Ku4Q6LF352K7rOSWBHF+z0pz JUDmZbcZ570VmyfFy7pwRkO2RSr78WI4BIfIlBEMvw0fPzgRbVPegcbF9aJVJU+r PjRK05P3fLC6odl7aAupSv4M/SN/K+nxw0rUr95JHa/XQTfx7djHDhh7WodpI1bt fNCyr1Lew7A3351GJU5Y4vcrs/GGyHSS6yL/+x+kD4jKFGYw7vCYFEWL+m1pHg3Y jcTyvRopkuffZ7wv7nWPbyaf3uOYr1qb9DFqS+HkmV2qMIxdkO5wbE9+jvie6Gsu q8neH1Q5gGpRDq3C6nkWHlDnIAuS7tQEnnBpRhu0lPaYSO5CECH6d/NaFQw0Dyal abwI1rSiOeDOWReoSF62Fy+hIIY4GV1pinaV+hSHjyj/Wydw4/I= =APCW -END PGP SIGNATURE-
Accepted policykit-1 0.105-15~deb8u4 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 28 Jan 2019 13:14:18 +0100 Source: policykit-1 Binary: policykit-1 policykit-1-doc libpolkit-gobject-1-0 libpolkit-gobject-1-dev libpolkit-agent-1-0 libpolkit-agent-1-dev libpolkit-backend-1-0 libpolkit-backend-1-dev gir1.2-polkit-1.0 Architecture: source amd64 all Version: 0.105-15~deb8u4 Distribution: jessie-security Urgency: medium Maintainer: Utopia Maintenance Team Changed-By: Emilio Pozuelo Monfort Description: gir1.2-polkit-1.0 - GObject introspection data for PolicyKit libpolkit-agent-1-0 - PolicyKit Authentication Agent API libpolkit-agent-1-dev - PolicyKit Authentication Agent API - development files libpolkit-backend-1-0 - PolicyKit backend API libpolkit-backend-1-dev - PolicyKit backend API - development files libpolkit-gobject-1-0 - PolicyKit Authorization API libpolkit-gobject-1-dev - PolicyKit Authorization API - development files policykit-1 - framework for managing administrative policies and privileges policykit-1-doc - documentation for PolicyKit-1 Changes: policykit-1 (0.105-15~deb8u4) jessie-security; urgency=medium . * CVE-2018-19788: authorization bypass for users with a high id * CVE-2019-6133: authorization reuse due to insuficient uid checks. Checksums-Sha1: 3c849da797b2cf98c07863f1e5ce8ec7f16a7035 2929 policykit-1_0.105-15~deb8u4.dsc 53d56484a5bffb0aaf645c8d813b3063e01e8423 1431080 policykit-1_0.105.orig.tar.gz 293a004015e5afb9b311a86ac6acb3b5786820c1 48400 policykit-1_0.105-15~deb8u4.debian.tar.xz 29aa088b134bbabedaef178d679fa1862131a85a 62536 policykit-1_0.105-15~deb8u4_amd64.deb 4fae2beb01ef64128ffc3606d3de11cca08620e7 265372 policykit-1-doc_0.105-15~deb8u4_all.deb d64618edf02c29c01cc4cd58b7c79342e39d8af0 43688 libpolkit-gobject-1-0_0.105-15~deb8u4_amd64.deb 3160dca6df7d57c571cf3c0efe66d522b210d641 62716 libpolkit-gobject-1-dev_0.105-15~deb8u4_amd64.deb 6f08c0dab7e709b7a774f37fbb7355231f8f2c86 24288 libpolkit-agent-1-0_0.105-15~deb8u4_amd64.deb 7c81e17e061b5b4ea7d026491577ebee8d1281d4 30158 libpolkit-agent-1-dev_0.105-15~deb8u4_amd64.deb b466e412b25dfb28ded100a9d6b723f3bd73e5e0 45874 libpolkit-backend-1-0_0.105-15~deb8u4_amd64.deb d46e012bc4bf29324067dccdf2f11aa729bbf80d 50302 libpolkit-backend-1-dev_0.105-15~deb8u4_amd64.deb 76107e0f72d247d42e96045cea4a14717c966051 16482 gir1.2-polkit-1.0_0.105-15~deb8u4_amd64.deb Checksums-Sha256: f3308146e233c1a4371fa28df775ac23ad0d5179721ca3623cbf116a4a032468 2929 policykit-1_0.105-15~deb8u4.dsc 8fdc7cc8ba4750fcce1a4db9daa759c12afebc7901237e1c993c38f08985e1df 1431080 policykit-1_0.105.orig.tar.gz ee977935d8850a9814a6de66e1eb5c7aaa461530a1f4719b933530c177cdd952 48400 policykit-1_0.105-15~deb8u4.debian.tar.xz 542ce2b71aa6f828f5d37bf5d762f34074f9d712d4da61c937e589c838ec2f26 62536 policykit-1_0.105-15~deb8u4_amd64.deb a847f1acda7686e9001ff4bf434d9a7ff0cf79a3bfe1d88dfc2707feb3d68033 265372 policykit-1-doc_0.105-15~deb8u4_all.deb d534a01e29317c87157712fe6ab0189caad06c2d788138f1a5aef67189484042 43688 libpolkit-gobject-1-0_0.105-15~deb8u4_amd64.deb 24cab7df11a84fb6cbf5645740efb875f77fe0d9aa34bf709b4eb561d1b75d6a 62716 libpolkit-gobject-1-dev_0.105-15~deb8u4_amd64.deb 576d8141759bd13841b00fc0c83f0465c01e9df158bfaeafe25b998109768685 24288 libpolkit-agent-1-0_0.105-15~deb8u4_amd64.deb 7db50a3010a938b9acbdbaa9a058121b657939b0cc6eb56bca10fae9cb1c0ddd 30158 libpolkit-agent-1-dev_0.105-15~deb8u4_amd64.deb 536f2df9dac5c91b8dcd426f1b966bf133b776b1a0d697be4b4b50e172f32f64 45874 libpolkit-backend-1-0_0.105-15~deb8u4_amd64.deb cb8ce4545893d2b6a30b9aa01b1c702b341dc86e92445b2b2e141f038ab8cdcd 50302 libpolkit-backend-1-dev_0.105-15~deb8u4_amd64.deb f280fb80eca5d5820d2e114cee026d48064d304f8d8ab5dc38c44fda05298962 16482 gir1.2-polkit-1.0_0.105-15~deb8u4_amd64.deb Files: d612b6d7ac776445cf860635719e3fcb 2929 admin optional policykit-1_0.105-15~deb8u4.dsc 9c29e1b6c214f0bd6f1d4ee303dfaed9 1431080 admin optional policykit-1_0.105.orig.tar.gz bb5c063c8db8a32399a232c5c4344afe 48400 admin optional policykit-1_0.105-15~deb8u4.debian.tar.xz 19771576e55e667d03865b18acfccd23 62536 admin optional policykit-1_0.105-15~deb8u4_amd64.deb 037413485db855733c8b2d719a1d471c 265372 doc optional policykit-1-doc_0.105-15~deb8u4_all.deb f8b307c6e1f20abd97826aacc3915c3e 43688 libs optional libpolkit-gobject-1-0_0.105-15~deb8u4_amd64.deb fe8cb36a9fef25fc2c350cea7bd5b4b1 62716 libdevel optional libpolkit-gobject-1-dev_0.105-15~deb8u4_amd64.deb d747b8020ac4c1bde06c04fcacf94d7f 24288 libs optional libpolkit-agent-1-0_0.105-15~deb8u4_amd64.deb 94573e1a33cfa5122cff4c13364b3a8a 30158 libdevel optional libpolkit-agent-1-dev_0.105-15~deb8u4_amd64.deb a4cdc354ceb3ef1f4a96a808c5c18a32 45874 libs optional libpolkit-backend-1-0_0.105-15~deb8u4_amd64.deb 4229b2c8409367cda1f28af1fae2480a 50302 libdevel optional libpolkit-backend-1-dev_0.105-15~deb8u4_amd64.deb 78bdd54189b98d0acce7657b4bc23469 16482 introspection optional
Question about contact maintainers script
Hi LTS team In some old version of the contact maintainers script it was sending an email to $pack...@packages.debian.org instead of individually to each maintainer. We got a complaint from one of the maintainer teams that it do this. My conclusion is that it sends an email to the maintainer and all the uploaders and obviously the uploader do not always want to be contacted for a particular package. The reason why it expands all, including uploaders is that the source of the package expansion do not distinguish between maintainer and uploader. So my question to you all is whether there is any particular reason why it is expanded in this way, or if we should change back to sending an email to $pack...@packages.debian.org. Best regards // Ola -- --- Inguza Technology AB --- MSc in Information Technology / o...@inguza.comFolkebogatan 26\ | o...@debian.org 654 68 KARLSTAD| | http://inguza.com/Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---
Re: [Qemu-devel] [PATCH v2] bt: use size_t type for length parameters instead of int
Hi Hugo, On 1/28/19 10:31 AM, Hugo Lefeuvre wrote: > Hi, > >> The length parameter values are not negative, thus use an unsigned >> type 'size_t' for them. Many routines pass 'len' values to memcpy(3) >> calls. If it was negative, it could lead to memory corruption issues. >> Add check to avoid it. > > I'm working on a Debian LTS security update for qemu and am currently > thinking about addressing this issue as well. > > I see this patch has not been applied yet and the bluetooth subsystem > is pending deprecation. Are you still considering to apply it? I have been assigned to fix this issue, but rather fixing locally this BT device, fix the pattern on all devices. I'll post the series during the week and Cc you (and eventually the Debian LTS list when it gets merged). The series obsoletes this patch, so the plan is to not apply it. > >> @@ -113,6 +113,7 @@ static void vhci_host_send(void *opaque, >> static uint8_t buf[4096]; >> >> buf[0] = type; >> +assert(len < sizeof(buf)); >> memcpy(buf + 1, data, len); >> >> while (write(s->fd, buf, len + 1) < 0) > > Any reason why assert() calls are used here ? > > These checks should always be executed, but they won't if user compiles > without asserts. Also, AFAIK any assert failure will stop the qemu host > process which is not what we want in this case. There was a discussion about this, and the outcome is QEMU does not support building without assertions. See this commit: https://git.qemu.org/?p=qemu.git;a=blobdiff;f=include/qemu/osdep.h;h=9966638;hp=6855b94;hb=262a69f42;hpb=825bfa005 Regards, Phil. signature.asc Description: OpenPGP digital signature
Re: Review and testing phpmyadmin for Jessie LTS
Hi Hugo, On 1/28/19 6:40 AM, Hugo Lefeuvre wrote: > Hi Lucas, > > Sorry for the late answer. Do not worry. > I had an issue with your patch and took a while to find out what was going > wrong. > > This update broke table creation... > >> +--- a/libraries/transformations.lib.php >> b/libraries/transformations.lib.php >> +@@ -145,9 +145,10 @@ function PMA_getTransformationDescriptio >> + $class_name = explode(".class.php", $file); >> + $class_name = $class_name[0]; >> + >> +-// include and instantiate the class >> +-include_once 'libraries/plugins/transformations/' . $file; >> +-return $class_name::getInfo(); >> ++if (class_exists($class_name)) { >> ++return $class_name::getInfo(); >> ++} >> ++return '' > I guess a ; is missing here :) Great, sorry for being a victim of my lack of attention... I've never used phpmyadmin (that's why I requested some testing) and my local tests were so basic that they didn't catch this issue. Shame on me. I'll fix it and perform some tests. Thanks for the review and the time that you spent on this. Cheers! -- Lucas Kanashiro
Re: [Qemu-devel] [PATCH v2] bt: use size_t type for length parameters instead of int
Hi, > The length parameter values are not negative, thus use an unsigned > type 'size_t' for them. Many routines pass 'len' values to memcpy(3) > calls. If it was negative, it could lead to memory corruption issues. > Add check to avoid it. I'm working on a Debian LTS security update for qemu and am currently thinking about addressing this issue as well. I see this patch has not been applied yet and the bluetooth subsystem is pending deprecation. Are you still considering to apply it? > @@ -113,6 +113,7 @@ static void vhci_host_send(void *opaque, > static uint8_t buf[4096]; > > buf[0] = type; > +assert(len < sizeof(buf)); > memcpy(buf + 1, data, len); > > while (write(s->fd, buf, len + 1) < 0) Any reason why assert() calls are used here ? These checks should always be executed, but they won't if user compiles without asserts. Also, AFAIK any assert failure will stop the qemu host process which is not what we want in this case. regards, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C signature.asc Description: PGP signature
Re: qemu - CVE-2018-19665: bt subsystem mishandles negative length variables
Hi Adrian, > On 1/12/19 5:52 PM, Hugo Lefeuvre wrote: > > the subsystem doesn't seem to be very actively maintained and that the user > > base is quite small, it is maybe better to mark this no-dsa in stretch and > > Please don't forget thet Debian has derivates that do not get summed up in > popcon.d.o. So the user base might be bigger than assumed. Right, but I was actually strictly speaking about the bluetooth subsystem, quoting qemu's upstream[0]. cheers Hugo [0] https://patchwork.kernel.org/patch/10678421/ -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C signature.asc Description: PGP signature
Re: Review and testing phpmyadmin for Jessie LTS
Hi Lucas, Sorry for the late answer. I had an issue with your patch and took a while to find out what was going wrong. This update broke table creation... > +--- a/libraries/transformations.lib.php > b/libraries/transformations.lib.php > +@@ -145,9 +145,10 @@ function PMA_getTransformationDescriptio > + $class_name = explode(".class.php", $file); > + $class_name = $class_name[0]; > + > +-// include and instantiate the class > +-include_once 'libraries/plugins/transformations/' . $file; > +-return $class_name::getInfo(); > ++if (class_exists($class_name)) { > ++return $class_name::getInfo(); > ++} > ++return '' I guess a ; is missing here :) cheers, Hugo -- Hugo Lefeuvre (hle)|www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C signature.asc Description: PGP signature