tags 709931 + pending thanks Hi Chris
I've prepared an NMU for socat (versioned as 1.7.1.3-1.5) and uploaded it to DELAYED/10. In any case, please feel free to tell me if I should stop, so that you can finalize the upload yourself, or if I should delay it longer. Regards, Salvatore
diff -Nru socat-1.7.1.3/debian/changelog socat-1.7.1.3/debian/changelog --- socat-1.7.1.3/debian/changelog 2012-05-11 22:46:45.000000000 +0200 +++ socat-1.7.1.3/debian/changelog 2013-07-03 20:12:23.000000000 +0200 @@ -1,3 +1,12 @@ +socat (1.7.1.3-1.5) unstable; urgency=low + + * Non-maintainer upload. + * Add CVE-2013-3571.patch patch. + CVE-2013-3571: Fix denial of service due to file descriptor leak. + (Closes: #709931) + + -- Salvatore Bonaccorso <[email protected]> Wed, 03 Jul 2013 17:17:33 +0200 + socat (1.7.1.3-1.4) unstable; urgency=low * Non-maintainer upload for release goal diff -Nru socat-1.7.1.3/debian/patches/CVE-2013-3571.patch socat-1.7.1.3/debian/patches/CVE-2013-3571.patch --- socat-1.7.1.3/debian/patches/CVE-2013-3571.patch 1970-01-01 01:00:00.000000000 +0100 +++ socat-1.7.1.3/debian/patches/CVE-2013-3571.patch 2013-07-03 20:12:23.000000000 +0200 @@ -0,0 +1,25 @@ +Description: Fix FD leak + CVE-2013-3571: fix fd leak when socat is invoked with a listen type + address with option fork and one or more of the options sourceport, + lowport, range, or tcpwrap. When socat refuses a client connection due + to one of these address or port restrictions it does shutdown() the + socket but does not close() it, resulting in a file descriptor leak in + the listening process. This could be used to mount a denial of service + attack against socat running in server mode. +Origin: http://www.dest-unreach.org/socat/download/socat-1.7.2.2.patch.gz +Bug-Debian: http://bugs.debian.org/709931 +Forwarded: not-needed +Author: Salvatore Bonaccorso <[email protected]> +Last-Update: 2013-07-03 +Applied-Upstream: 1.7.2.2 + +--- a/xio-listen.c ++++ b/xio-listen.c +@@ -265,6 +265,7 @@ + if (Shutdown(ps, 2) < 0) { + Info2("shutdown(%d, 2): %s", ps, strerror(errno)); + } ++ Close(ps); + continue; + } + diff -Nru socat-1.7.1.3/debian/patches/series socat-1.7.1.3/debian/patches/series --- socat-1.7.1.3/debian/patches/series 2011-07-02 20:00:37.000000000 +0200 +++ socat-1.7.1.3/debian/patches/series 2013-07-03 20:12:23.000000000 +0200 @@ -3,3 +3,4 @@ 02-Manpage-slashes 03-Truncate debian-changes-1.7.1.3-1.1 +CVE-2013-3571.patch

