Your message dated Tue, 30 Aug 2011 01:55:17 +0000
with message-id <[email protected]>
and subject line Bug#629688: fixed in vte 1:0.24.3-3
has caused the Debian Bug report #629688,
regarding libvte9: malicious escape sequence causes gnome-terminal to crash 
(memory consumption DoS)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
629688: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629688
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libvte9
Version: 1:0.24.3-2
Severity: important

When passing a huge value to the "insert-blank-characters" capability
(defined in caps.c), gnome-terminal crashes (and maybe other terminals
that depend on libvte9). 

  $ cat -n vte-0.24.3/src/caps.c:
  [...]
  418          {CSI "%d@", "insert-blank-characters", 0},

To reproduce the crash:

  $ printf "\033[100000000000000000@" > /tmp/x
  $ cat /tmp/x

A sub-function calls the "brk()" syscall until process memory is
entirely consumed:

  $ strace -e brk -f gnome-terminal --disable-factory -x cat /tmp/x

Maybe this parameter value should be checked?

I wrote a small patch that checks this value inside the
vte_sequence_handler_multiple() function in the vte-0.24.3/src/vteseq.c
file.  Let me know if you're interested.

Tested on Debian Release 6.0.1, kernel 2.6.32-5-amd64, gnome-terminal
2.30.2-1.




--- End Message ---
--- Begin Message ---
Source: vte
Source-Version: 1:0.24.3-3

We believe that the bug you reported is fixed in the latest version of
vte, which is due to be installed in the Debian FTP archive:

libvte-common_0.24.3-3_all.deb
  to main/v/vte/libvte-common_0.24.3-3_all.deb
libvte-dev_0.24.3-3_amd64.deb
  to main/v/vte/libvte-dev_0.24.3-3_amd64.deb
libvte-doc_0.24.3-3_all.deb
  to main/v/vte/libvte-doc_0.24.3-3_all.deb
libvte9-udeb_0.24.3-3_amd64.udeb
  to main/v/vte/libvte9-udeb_0.24.3-3_amd64.udeb
libvte9_0.24.3-3_amd64.deb
  to main/v/vte/libvte9_0.24.3-3_amd64.deb
python-vte_0.24.3-3_amd64.deb
  to main/v/vte/python-vte_0.24.3-3_amd64.deb
vte_0.24.3-3.debian.tar.gz
  to main/v/vte/vte_0.24.3-3.debian.tar.gz
vte_0.24.3-3.dsc
  to main/v/vte/vte_0.24.3-3.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Josselin Mouette <[email protected]> (supplier of updated vte package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 18 Aug 2011 16:17:27 +0200
Source: vte
Binary: libvte9 libvte9-udeb libvte-dev libvte-common python-vte libvte-doc
Architecture: source all amd64
Version: 1:0.24.3-3
Distribution: stable
Urgency: low
Maintainer: Guilherme de S. Pastore <[email protected]>
Changed-By: Josselin Mouette <[email protected]>
Description: 
 libvte-common - Terminal emulator widget for GTK+ 2.0 - common files
 libvte-dev - Terminal emulator widget for GTK+ 2.0 - development files
 libvte-doc - Terminal emulator widget for GTK+ 2.0 - documentation
 libvte9    - Terminal emulator widget for GTK+ 2.0 - runtime files
 libvte9-udeb - Terminal emulator widget for GTK+ 2.0 - minimal runtime (udeb)
 python-vte - Python bindings for the VTE widget set
Closes: 629688
Changes: 
 vte (1:0.24.3-3) stable; urgency=low
 .
   * 01_CVE-2011-2198.patch: taken from upstream git. Fixes memory
     exhaustion vulnerability. Closes: #629688, CVE-2011-2198.
Checksums-Sha1: 
 ce89cf2e576d0cf2b0afe2d48e4ef484755306e0 1652 vte_0.24.3-3.dsc
 fc461d7304425d04a5bc93d8efed8adb8919b539 86057 vte_0.24.3-3.debian.tar.gz
 ebaec8479fa2daf3897fdb8d91d84889f3c7a431 415980 libvte-common_0.24.3-3_all.deb
 ab57d773b60937cf931e04a37139cca7dbe8d531 395314 libvte-doc_0.24.3-3_all.deb
 10c6a58039cec11c23422fa505a16708fdeb6df8 914900 libvte9_0.24.3-3_amd64.deb
 06eb4e542e0d3c557d7025fb77793649110dfbac 323472 
libvte9-udeb_0.24.3-3_amd64.udeb
 2735567f6e91cdf33f9ee95d6eba28a570cb6de9 721902 libvte-dev_0.24.3-3_amd64.deb
 6b6c09a00a8b8866ae75e181ce08d4985173f952 387044 python-vte_0.24.3-3_amd64.deb
Checksums-Sha256: 
 7e0ce00ce7e5f0add472bd90a5d950343897e091b6ddc768cef29c7bdb079c35 1652 
vte_0.24.3-3.dsc
 12767331670add4b46de6e359be2f61ae6e21ca3632aedf2b429a34f4cd5e9c0 86057 
vte_0.24.3-3.debian.tar.gz
 7774545e43b498c105d7b2a32226f4fa4096b36101ddf8815b6d0d6f39ffe308 415980 
libvte-common_0.24.3-3_all.deb
 43f6a108f083cf51353fcd782974716ad8ae0f60c8b78e6b8f1bd8decd38ff98 395314 
libvte-doc_0.24.3-3_all.deb
 7ed9820e2e1f54d5a74a7bc0076101f016b605aa0a94e8ac5318b03c0d728961 914900 
libvte9_0.24.3-3_amd64.deb
 3571abf64d148e387fbe22c006d91323b13ed244e0aefd03e3af0414f8c8c3f5 323472 
libvte9-udeb_0.24.3-3_amd64.udeb
 bdb691f23c4e4912a8a445773ffab13ed22858f98b9323731cf27d05cb7ece1c 721902 
libvte-dev_0.24.3-3_amd64.deb
 6b7575970c6b2aae96bdb620b1991b0e39a29e2b5e62576e35433443ebc42aed 387044 
python-vte_0.24.3-3_amd64.deb
Files: 
 2377808c000f634e72bfd92e180135db 1652 libs optional vte_0.24.3-3.dsc
 0c9af366d1e3f54c20682719029712d9 86057 libs optional vte_0.24.3-3.debian.tar.gz
 2edd9b6ef701d6b1341b03e2247d8cef 415980 libs optional 
libvte-common_0.24.3-3_all.deb
 c08d452850c9733662ed1bbc0cbc65c4 395314 doc optional 
libvte-doc_0.24.3-3_all.deb
 b78ed14ea8e1569651b869661a01c519 914900 libs optional 
libvte9_0.24.3-3_amd64.deb
 00ea104ba17708304f920a4e5ed6fcc3 323472 debian-installer extra 
libvte9-udeb_0.24.3-3_amd64.udeb
 13bdf1883b5ce4e765f2c45842e25c9b 721902 libdevel optional 
libvte-dev_0.24.3-3_amd64.deb
 76db9529d000eaa4173356526ba43630 387044 python optional 
python-vte_0.24.3-3_amd64.deb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOW/1drSla4ddfhTMRAhBAAKDd//wrm5qRDh2AvO/Eu7SSrKz4jgCghu+V
lnOGo+i8szwNtL+SUlEMhow=
=iLFH
-----END PGP SIGNATURE-----



--- End Message ---

Reply via email to