package: release.debian.org
user: release.debian....@packages.debian.org
usertags: unblock
severity: normal
x-debbugs-cc: debian-boot@lists.debian.org
Please consider unblocking e2fsprogs. A security issue is fixed.

unblock e2fsprogs/1.42.12-1.1
unblock-udeb e2fsprogs/1.42.12-1.1
diff -Nru e2fsprogs-1.42.12/debian/changelog e2fsprogs-1.42.12/debian/changelog --- e2fsprogs-1.42.12/debian/changelog 2014-08-29 12:51:13.000000000 +0000 +++ e2fsprogs-1.42.12/debian/changelog 2015-02-22 02:18:20.000000000 +0000 @@ -1,3 +1,10 @@ +e2fsprogs (1.42.12-1.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix CVE-2015-1572: incomplete fix for CVE-2015-0247 (closes: #778948). + + -- Michael Gilbert <mgilb...@debian.org> Sun, 22 Feb 2015 01:50:57 +0000 + e2fsprogs (1.42.12-1) unstable; urgency=low * New upstream version diff -Nru e2fsprogs-1.42.12/debian/patches/CVE-2015-1572.patch e2fsprogs-1.42.12/debian/patches/CVE-2015-1572.patch --- e2fsprogs-1.42.12/debian/patches/CVE-2015-1572.patch 1970-01-01 00:00:00.000000000 +0000 +++ e2fsprogs-1.42.12/debian/patches/CVE-2015-1572.patch 2015-02-22 02:18:20.000000000 +0000 
@@ -0,0 +1,48 @@ +From 49d0fe2a14f2a23da2fe299643379b8c1d37df73 +From: Theodore Ts'o <ty...@mit.edu> +Date: Fri, 6 Feb 2015 12:46:39 -0500 +Subject: libext2fs: fix potential buffer overflow in closefs() + +The bug fix in f66e6ce4446: "libext2fs: avoid buffer overflow if +s_first_meta_bg is too big" had a typo in the fix for +ext2fs_closefs(). In practice most of the security exposure was from +the openfs path, since this meant if there was a carefully crafted +file system, buffer overrun would be triggered when the file system was +opened. + +However, if corrupted file system didn't trip over some corruption +check, and then the file system was modified via tune2fs or debugfs, +such that the superblock was marked dirty and then written out via the +closefs() path, it's possible that the buffer overrun could be +triggered when the file system is closed. + +Also clear up a signed vs unsigned warning while we're at it. + +Thanks to Nick Kralevich <n...@google.com> for asking me to look at +compiler warning in the code in question, which led me to notice the +bug in f66e6ce4446. 
+ +Addresses: CVE-2015-1572 + +Signed-off-by: Theodore Ts'o <ty...@mit.edu> + +--- a/lib/ext2fs/closefs.c ++++ b/lib/ext2fs/closefs.c +@@ -287,7 +287,7 @@ errcode_t ext2fs_flush2(ext2_filsys fs, int flags) + dgrp_t j; + #endif + char *group_ptr; +- int old_desc_blocks; ++ blk64_t old_desc_blocks; + struct ext2fs_numeric_progress_struct progress; + + EXT2_CHECK_MAGIC(fs, EXT2_ET_MAGIC_EXT2FS_FILSYS); +@@ -346,7 +346,7 @@ errcode_t ext2fs_flush2(ext2_filsys fs, int flags) + group_ptr = (char *) group_shadow; + if (fs->super->s_feature_incompat & EXT2_FEATURE_INCOMPAT_META_BG) { + old_desc_blocks = fs->super->s_first_meta_bg; +- if (old_desc_blocks > fs->super->s_first_meta_bg) ++ if (old_desc_blocks > fs->desc_blocks) + old_desc_blocks = fs->desc_blocks; + } else + old_desc_blocks = fs->desc_blocks; diff -Nru e2fsprogs-1.42.12/debian/patches/series e2fsprogs-1.42.12/debian/patches/series --- e2fsprogs-1.42.12/debian/patches/series 1970-01-01 00:00:00.000000000 +0000 +++ e2fsprogs-1.42.12/debian/patches/series 2015-02-22 02:18:20.000000000 +0000 @@ -0,0 +1 @@ +CVE-2015-1572.patch
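Review bot: the new debian/patches/CVE-2015-1572.patch carries only the upstream From/Date/Subject header block and no DEP-3 fields; suggest adding "Origin: upstream, commit 49d0fe2a14f2a23da2fe299643379b8c1d37df73" and "Bug-Debian: https://bugs.debian.org/778948" above the description so the provenance of a security patch is recorded in the patch file itself rather than only in the changelog.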
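Review bot: the int to blk64_t change for old_desc_blocks in the @@ -287 hunk is a correctness prerequisite for the second hunk, not only the "signed vs unsigned warning" the description mentions: the variable is assigned from the on-disk s_first_meta_bg field and then bounded against fs->desc_blocks, both unsigned, so giving it a matching unsigned type keeps the new comparison free of mixed-signedness conversions. The Debian changelog entry ("incomplete fix for CVE-2015-0247") would be clearer if it said in one line what was incomplete, e.g. "closefs() bound check on s_first_meta_bg compared the value against itself".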
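Review bot: the @@ -346 hunk is the actual fix: the removed line "if (old_desc_blocks > fs->super->s_first_meta_bg)" tests old_desc_blocks against the very field it was assigned from on the preceding line, so the condition was never true and an oversized s_first_meta_bg from a crafted superblock reached the descriptor write path unclamped; comparing against fs->desc_blocks is the bound the openfs fix (f66e6ce4446, named in the description) already applies. The hunk's three lines of trailing context do not show the consumer of old_desc_blocks, so before accepting, confirm that nothing else in ext2fs_flush2 reads fs->super->s_first_meta_bg directly instead of the clamped variable.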
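Review bot: debian/patches/series is created from nothing here (the --- side is the 1970 epoch), so this upload is the first to ship a quilt series in e2fsprogs; confirm that debian/source/format is "3.0 (quilt)" or that debian/rules applies the series explicitly, otherwise the patch is included in the source package but never applied and the built binaries would still contain the unbounded closefs() path.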